From 2046a9c1120412025c1a3849907d4a146bbceb59 Mon Sep 17 00:00:00 2001 From: sebhoss Date: Fri, 10 May 2024 13:55:20 +0000 Subject: [PATCH] Update upstream specifications to their latest version --- ...kit_fluxcd_io_helm_release_v2_manifest.yml | 40 + ..._k8s_elastic_co_agent_v1alpha1_manifest.md | 286 ++- ...ane_io_composition_revision_v1_manifest.md | 6 +- ...o_composition_revision_v1beta1_manifest.md | 6 +- ...s_crossplane_io_composition_v1_manifest.md | 6 +- ...m_k8s_elastic_co_apm_server_v1_manifest.md | 94 +- ..._elastic_co_apm_server_v1beta1_manifest.md | 94 +- ...rraform_io_agent_pool_v1alpha2_manifest.md | 2 +- ...erraform_io_workspace_v1alpha2_manifest.md | 10 +- ...ackup_policy_template_v1alpha1_manifest.md | 2 +- ...io_cluster_definition_v1alpha1_manifest.md | 4 +- ...kubeblocks_io_cluster_v1alpha1_manifest.md | 68 + ...ks_io_cluster_version_v1alpha1_manifest.md | 2 +- ..._component_definition_v1alpha1_manifest.md | 6 +- ...beblocks_io_component_v1alpha1_manifest.md | 35 +- ..._io_config_constraint_v1alpha1_manifest.md | 56 +- ...s_io_config_constraint_v1beta1_manifest.md | 154 +- ...ocks_io_configuration_v1alpha1_manifest.md | 2 +- ...cks_io_ops_definition_v1alpha1_manifest.md | 1689 +++++++++-------- ...blocks_io_ops_request_v1alpha1_manifest.md | 101 +- ...spike_com_aerospike_cluster_v1_manifest.md | 1 + ...at_k8s_elastic_co_beat_v1beta1_manifest.md | 186 +- ...he_org_integration_platform_v1_manifest.md | 19 + ...che_org_integration_profile_v1_manifest.md | 19 + ...amel_apache_org_integration_v1_manifest.md | 19 + ...e_org_kamelet_binding_v1alpha1_manifest.md | 19 + .../camel_apache_org_pipe_v1_manifest.md | 19 + ..._capsule_configuration_v1beta2_manifest.md | 10 +- ...sule_clastix_io_tenant_v1beta1_manifest.md | 96 +- ...sule_clastix_io_tenant_v1beta2_manifest.md | 130 +- ...cache_parameter_group_v1alpha1_manifest.md | 8 +- ...ws_cache_subnet_group_v1alpha1_manifest.md | 8 +- ...aws_replication_group_v1alpha1_manifest.md | 64 +- ...ices_k8s_aws_snapshot_v1alpha1_manifest.md | 8 +- ...es_k8s_aws_user_group_v1alpha1_manifest.md | 2 +- ...services_k8s_aws_user_v1alpha1_manifest.md | 4 +- ...8s_elastic_co_elasticsearch_v1_manifest.md | 101 +- ...astic_co_elasticsearch_v1beta1_manifest.md | 100 +- ...s_ingress_class_params_v1beta1_manifest.md | 1 + ...lastic_co_enterprise_search_v1_manifest.md | 94 +- ...c_co_enterprise_search_v1beta1_manifest.md | 94 +- ...atekeeper_sh_provider_v1alpha1_manifest.md | 2 +- ...gatekeeper_sh_provider_v1beta1_manifest.md | 2 +- ...orking_k8s_io_gateway_class_v1_manifest.md | 2 +- ...g_k8s_io_gateway_class_v1beta1_manifest.md | 2 +- ...lkit_fluxcd_io_helm_release_v2_manifest.md | 411 ++++ ...fluxcd_io_helm_release_v2beta2_manifest.md | 1 + ...rbell_machine_template_v1beta1_manifest.md | 2 +- ..._io_tinkerbell_machine_v1beta1_manifest.md | 2 +- ...bset_x_k8s_io_job_set_v1alpha2_manifest.md | 2 +- ...clastix_io_data_store_v1alpha1_manifest.md | 112 +- ..._tenant_control_plane_v1alpha1_manifest.md | 13 + ...ibana_k8s_elastic_co_kibana_v1_manifest.md | 94 +- ..._k8s_elastic_co_kibana_v1beta1_manifest.md | 94 +- ...uadrant_io_dns_record_v1alpha1_manifest.md | 4 +- ...x_k8s_io_cluster_queue_v1beta1_manifest.md | 9 + ...ices_k8s_aws_function_v1alpha1_manifest.md | 1 + ...o_elastic_maps_server_v1alpha1_manifest.md | 94 +- ...ng_istio_io_virtual_service_v1_manifest.md | 1 + ...io_io_virtual_service_v1alpha3_manifest.md | 1 + ...tio_io_virtual_service_v1beta1_manifest.md | 1 + ...iametrics_com_vm_agent_v1beta1_manifest.md | 8 +- ...iametrics_com_vm_alert_v1beta1_manifest.md | 1 + ...riametrics_com_vm_auth_v1beta1_manifest.md | 141 +- ...metrics_com_vm_cluster_v1beta1_manifest.md | 1 + ...ametrics_com_vm_single_v1beta1_manifest.md | 8 +- ...riametrics_com_vm_user_v1beta1_manifest.md | 108 +- ...cona_com_percona_pg_cluster_v2_manifest.md | 448 ++++- ...scylladb_com_scylla_cluster_v1_manifest.md | 4 +- ..._hcp_vault_secrets_app_v1beta1_manifest.md | 4 +- ...m_vault_dynamic_secret_v1beta1_manifest.md | 4 +- ...p_com_vault_pki_secret_v1beta1_manifest.md | 4 +- ...om_vault_static_secret_v1beta1_manifest.md | 4 +- ...flow_org_sonata_flow_v1alpha08_manifest.md | 3 +- ...eper_sh_constraint_template_v1_manifest.md | 2 +- ...h_constraint_template_v1alpha1_manifest.md | 2 +- ...sh_constraint_template_v1beta1_manifest.md | 2 +- ...afana_com_tempo_stack_v1alpha1_manifest.md | 11 + .../data-source.tf | 6 + .../main.tf | 12 + .../outputs.tf | 5 + ..._k8s_elastic_co_agent_v1alpha1_manifest.go | 806 ++++++-- ...ane_io_composition_revision_v1_manifest.go | 12 +- ...s_crossplane_io_composition_v1_manifest.go | 12 +- ...o_composition_revision_v1beta1_manifest.go | 12 +- ...m_k8s_elastic_co_apm_server_v1_manifest.go | 272 ++- ..._elastic_co_apm_server_v1beta1_manifest.go | 272 ++- ...rraform_io_agent_pool_v1alpha2_manifest.go | 4 +- ...erraform_io_workspace_v1alpha2_manifest.go | 20 +- ...ackup_policy_template_v1alpha1_manifest.go | 8 +- ...io_cluster_definition_v1alpha1_manifest.go | 8 +- ...kubeblocks_io_cluster_v1alpha1_manifest.go | 216 ++- ...ks_io_cluster_version_v1alpha1_manifest.go | 4 +- ..._component_definition_v1alpha1_manifest.go | 12 +- ...beblocks_io_component_v1alpha1_manifest.go | 202 +- ..._io_config_constraint_v1alpha1_manifest.go | 194 +- ...ocks_io_configuration_v1alpha1_manifest.go | 4 +- ...cks_io_ops_definition_v1alpha1_manifest.go | 302 +-- ...blocks_io_ops_request_v1alpha1_manifest.go | 332 ++-- ...s_io_config_constraint_v1beta1_manifest.go | 456 ++--- ...spike_com_aerospike_cluster_v1_manifest.go | 9 + ...at_k8s_elastic_co_beat_v1beta1_manifest.go | 522 +++-- ...he_org_integration_platform_v1_manifest.go | 149 +- ...che_org_integration_profile_v1_manifest.go | 149 +- ...amel_apache_org_integration_v1_manifest.go | 149 +- .../camel_apache_org_pipe_v1_manifest.go | 149 +- ...e_org_kamelet_binding_v1alpha1_manifest.go | 149 +- ...sule_clastix_io_tenant_v1beta1_manifest.go | 192 +- ..._capsule_configuration_v1beta2_manifest.go | 20 +- ...sule_clastix_io_tenant_v1beta2_manifest.go | 260 +-- .../ceph_rook_io_ceph_cluster_v1_manifest.go | 3 + ...cache_parameter_group_v1alpha1_manifest.go | 16 +- ...ws_cache_subnet_group_v1alpha1_manifest.go | 16 +- ...aws_replication_group_v1alpha1_manifest.go | 128 +- ...ices_k8s_aws_snapshot_v1alpha1_manifest.go | 16 +- ...es_k8s_aws_user_group_v1alpha1_manifest.go | 4 +- ...services_k8s_aws_user_v1alpha1_manifest.go | 8 +- ...8s_elastic_co_elasticsearch_v1_manifest.go | 295 ++- ...astic_co_elasticsearch_v1beta1_manifest.go | 284 ++- ...s_ingress_class_params_v1beta1_manifest.go | 12 +- ...lastic_co_enterprise_search_v1_manifest.go | 272 ++- ...c_co_enterprise_search_v1beta1_manifest.go | 272 ++- ...atekeeper_sh_provider_v1alpha1_manifest.go | 4 +- ...gatekeeper_sh_provider_v1beta1_manifest.go | 4 +- ...orking_k8s_io_gateway_class_v1_manifest.go | 4 +- ...g_k8s_io_gateway_class_v1beta1_manifest.go | 4 +- ...lkit_fluxcd_io_helm_release_v2_manifest.go | 1477 ++++++++++++++ ...fluxcd_io_helm_release_v2_manifest_test.go | 31 + ...fluxcd_io_helm_release_v2beta2_manifest.go | 17 +- ...rbell_machine_template_v1beta1_manifest.go | 4 +- ..._io_tinkerbell_machine_v1beta1_manifest.go | 4 +- ...bset_x_k8s_io_job_set_v1alpha2_manifest.go | 4 +- ...clastix_io_data_store_v1alpha1_manifest.go | 12 +- ..._tenant_control_plane_v1alpha1_manifest.go | 64 +- ...rigger_authentication_v1alpha1_manifest.go | 8 +- ...rigger_authentication_v1alpha1_manifest.go | 8 +- ...ibana_k8s_elastic_co_kibana_v1_manifest.go | 272 ++- ..._k8s_elastic_co_kibana_v1beta1_manifest.go | 272 ++- ...uadrant_io_dns_record_v1alpha1_manifest.go | 19 +- ...x_k8s_io_cluster_queue_v1beta1_manifest.go | 22 +- ...ices_k8s_aws_function_v1alpha1_manifest.go | 9 + ...o_elastic_maps_server_v1alpha1_manifest.go | 272 ++- ...m_alertmanager_config_v1alpha1_manifest.go | 1 - ...ng_istio_io_virtual_service_v1_manifest.go | 16 +- ...io_io_virtual_service_v1alpha3_manifest.go | 16 +- ...tio_io_virtual_service_v1beta1_manifest.go | 16 +- ...iametrics_com_vm_agent_v1beta1_manifest.go | 65 +- ...iametrics_com_vm_alert_v1beta1_manifest.go | 9 + ...riametrics_com_vm_auth_v1beta1_manifest.go | 503 ++++- ...metrics_com_vm_cluster_v1beta1_manifest.go | 9 + ...ametrics_com_vm_single_v1beta1_manifest.go | 65 +- ...riametrics_com_vm_user_v1beta1_manifest.go | 321 +++- ...cona_com_percona_pg_cluster_v2_manifest.go | 1645 ++++++++++++++-- internal/provider/provider_data_sources.go | 3 + internal/provider/provider_resources.go | 2 + ...scylladb_com_scylla_cluster_v1_manifest.go | 8 +- ..._hcp_vault_secrets_app_v1beta1_manifest.go | 10 +- ...m_vault_dynamic_secret_v1beta1_manifest.go | 10 +- ...p_com_vault_pki_secret_v1beta1_manifest.go | 10 +- ...om_vault_static_secret_v1beta1_manifest.go | 10 +- ...flow_org_sonata_flow_v1alpha08_manifest.go | 18 +- ...eper_sh_constraint_template_v1_manifest.go | 4 +- ...h_constraint_template_v1alpha1_manifest.go | 4 +- ...sh_constraint_template_v1beta1_manifest.go | 4 +- ...afana_com_tempo_stack_v1alpha1_manifest.go | 38 + .../kubernetes/kubernetes/swagger.json | 4 +- ...fluxcd_io_helm_release_v2_manifest.md.tmpl | 19 + ...fluxcd_io_helm_release_v2_manifest_test.go | 36 + terratests.mk | 6 +- tests.mk | 6 +- 170 files changed, 12883 insertions(+), 4001 deletions(-) create mode 100644 .github/workflows/terratest-helm_toolkit_fluxcd_io_helm_release_v2_manifest.yml create mode 100644 docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md create mode 100644 examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/data-source.tf create mode 100644 examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/main.tf create mode 100644 examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/outputs.tf create mode 100644 internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go create mode 100644 internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go create mode 100644 templates/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md.tmpl create mode 100644 terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go diff --git a/.github/workflows/terratest-helm_toolkit_fluxcd_io_helm_release_v2_manifest.yml b/.github/workflows/terratest-helm_toolkit_fluxcd_io_helm_release_v2_manifest.yml new file mode 100644 index 000000000..eb4881b03 --- /dev/null +++ b/.github/workflows/terratest-helm_toolkit_fluxcd_io_helm_release_v2_manifest.yml @@ -0,0 +1,40 @@ +# SPDX-FileCopyrightText: The terraform-provider-k8s Authors +# SPDX-License-Identifier: 0BSD + +name: HelmToolkitFluxcdIoHelmReleaseV2Manifest +on: + pull_request: + branches: [ main ] + paths: + - examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/** + - internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go + - internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go + - terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go +jobs: + terraform: + name: Test with Terraform + runs-on: ubuntu-latest + steps: + - id: checkout + name: Checkout + uses: actions/checkout@v4 + - id: setup_go + name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + cache: true + - id: setup_terraform + name: Setup Terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_wrapper: false + - id: install + name: Install Provider + run: make install + - id: tests + name: Run Unit Tests + run: go test -v -timeout=120s -count=1 ./internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go + - id: terratest + name: Run Terratest Tests + run: go test -v -timeout=120s -count=1 -run TestHelmToolkitFluxcdIoHelmReleaseV2Manifest ./terratest/helm_toolkit_fluxcd_io_v2 diff --git a/docs/data-sources/agent_k8s_elastic_co_agent_v1alpha1_manifest.md b/docs/data-sources/agent_k8s_elastic_co_agent_v1alpha1_manifest.md index eb34f3797..3c473aa7f 100644 --- a/docs/data-sources/agent_k8s_elastic_co_agent_v1alpha1_manifest.md +++ b/docs/data-sources/agent_k8s_elastic_co_agent_v1alpha1_manifest.md @@ -128,7 +128,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -138,7 +138,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -148,9 +148,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -625,6 +625,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -636,6 +637,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.containers.working_dir.capabilities` @@ -772,8 +785,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -910,8 +924,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -971,8 +985,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1048,8 +1062,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1109,8 +1123,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1646,6 +1660,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1657,6 +1672,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -1793,8 +1820,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2282,6 +2310,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2293,6 +2322,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.init_containers.working_dir.capabilities` @@ -2429,8 +2470,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2486,6 +2528,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2497,6 +2540,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.security_context.se_linux_options` @@ -2566,7 +2621,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2785,7 +2840,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -2854,7 +2909,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3201,7 +3256,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -3465,7 +3520,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -3475,7 +3530,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -3485,9 +3540,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -3962,6 +4017,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -3973,6 +4029,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.containers.working_dir.capabilities` @@ -4109,8 +4177,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -4247,8 +4316,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4308,8 +4377,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4385,8 +4454,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4446,8 +4515,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4983,6 +5052,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -4994,6 +5064,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -5130,8 +5212,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -5619,6 +5702,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -5630,6 +5714,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.init_containers.working_dir.capabilities` @@ -5766,8 +5862,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -5823,6 +5920,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -5834,6 +5932,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.security_context.se_linux_options` @@ -5903,7 +6013,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -6122,7 +6232,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -6191,7 +6301,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -6538,7 +6648,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -6831,6 +6941,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -6985,7 +7096,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -6995,7 +7106,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -7005,9 +7116,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -7482,6 +7593,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -7493,6 +7605,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.stateful_set.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.stateful_set.pod_template.spec.containers.working_dir.capabilities` @@ -7629,8 +7753,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -7767,8 +7892,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -7828,8 +7953,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -7905,8 +8030,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -7966,8 +8091,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -8503,6 +8628,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -8514,6 +8640,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.stateful_set.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.stateful_set.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -8650,8 +8788,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -9139,6 +9278,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -9150,6 +9290,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.stateful_set.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.stateful_set.pod_template.spec.init_containers.working_dir.capabilities` @@ -9286,8 +9438,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -9343,6 +9496,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -9354,6 +9508,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.stateful_set.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.stateful_set.pod_template.spec.security_context.se_linux_options` @@ -9423,7 +9589,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -9642,7 +9808,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -9711,7 +9877,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -10058,7 +10224,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--stateful_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -10292,7 +10458,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--stateful_set--volume_claim_templates--status--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--stateful_set--volume_claim_templates--status--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -10364,7 +10530,7 @@ Optional: - `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed.For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed'When this field is not set, it means that no resize operation is in progress for the given PVC.A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatusshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.Capacity reported here may be larger than the actual capacity when a volume expansion operationis requested.For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.If a volume expansion capacity request is lowered, allocatedResources is onlylowered if there are no expansion operations in progress and if the actual volume capacityis equal or lower than the requested capacity.A controller that receives PVC update with previously unknown resourceNameshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `capacity` (Map of String) capacity represents the actual resources of the underlying volume. -- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--stateful_set--volume_claim_templates--status--conditions)) +- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--stateful_set--volume_claim_templates--status--conditions)) - `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaimThis is an alpha field and requires enabling VolumeAttributesClass feature. - `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.When this is unset, there is no ModifyVolume operation being attempted.This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--stateful_set--volume_claim_templates--status--modify_volume_status)) - `phase` (String) phase represents the current phase of PersistentVolumeClaim. @@ -10382,7 +10548,7 @@ Optional: - `last_probe_time` (String) lastProbeTime is the time we probed the condition. - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another. - `message` (String) message is the human-readable message indicating details about last transition. -- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized. +- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized. diff --git a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md index df1742ba9..26bf856f1 100644 --- a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md +++ b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1_manifest.md @@ -178,7 +178,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) ### Nested Schema for `spec.environment.patches.type.merge_options` @@ -353,7 +353,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) ### Nested Schema for `spec.patch_sets.patches.type.merge_options` @@ -589,7 +589,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) ### Nested Schema for `spec.resources.patches.type.merge_options` diff --git a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md index e94b3f1a9..bbfee36f3 100644 --- a/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md +++ b/docs/data-sources/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.md @@ -178,7 +178,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) ### Nested Schema for `spec.environment.patches.type.merge_options` @@ -353,7 +353,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) ### Nested Schema for `spec.patch_sets.patches.type.merge_options` @@ -589,7 +589,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) ### Nested Schema for `spec.resources.patches.type.merge_options` diff --git a/docs/data-sources/apiextensions_crossplane_io_composition_v1_manifest.md b/docs/data-sources/apiextensions_crossplane_io_composition_v1_manifest.md index 5b5748b83..8449d7515 100644 --- a/docs/data-sources/apiextensions_crossplane_io_composition_v1_manifest.md +++ b/docs/data-sources/apiextensions_crossplane_io_composition_v1_manifest.md @@ -177,7 +177,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--environment--patches--type--merge_options)) ### Nested Schema for `spec.environment.patches.type.merge_options` @@ -352,7 +352,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--patch_sets--patches--type--merge_options)) ### Nested Schema for `spec.patch_sets.patches.type.merge_options` @@ -588,7 +588,7 @@ Required: Optional: - `from_field_path` (String) FromFieldPath specifies how to patch from a field path. The default is'Optional', which means the patch will be a no-op if the specifiedfromFieldPath does not exist. Use 'Required' if the patch should fail ifthe specified path does not exist. -- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) +- `merge_options` (Attributes) MergeOptions Specifies merge options on a field path. (see [below for nested schema](#nestedatt--spec--resources--patches--type--merge_options)) ### Nested Schema for `spec.resources.patches.type.merge_options` diff --git a/docs/data-sources/apm_k8s_elastic_co_apm_server_v1_manifest.md b/docs/data-sources/apm_k8s_elastic_co_apm_server_v1_manifest.md index 75d54fcdd..28b932f37 100644 --- a/docs/data-sources/apm_k8s_elastic_co_apm_server_v1_manifest.md +++ b/docs/data-sources/apm_k8s_elastic_co_apm_server_v1_manifest.md @@ -132,6 +132,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -251,7 +252,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -261,7 +262,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -271,9 +272,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -748,6 +749,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -759,6 +761,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -895,8 +909,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1033,8 +1048,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1094,8 +1109,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1171,8 +1186,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1232,8 +1247,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1769,6 +1784,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1780,6 +1796,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1916,8 +1944,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2405,6 +2434,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2416,6 +2446,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2552,8 +2594,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2609,6 +2652,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2620,6 +2664,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2689,7 +2745,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2908,7 +2964,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2977,7 +3033,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3324,7 +3380,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/apm_k8s_elastic_co_apm_server_v1beta1_manifest.md b/docs/data-sources/apm_k8s_elastic_co_apm_server_v1beta1_manifest.md index b053a05fb..f40ed9f42 100644 --- a/docs/data-sources/apm_k8s_elastic_co_apm_server_v1beta1_manifest.md +++ b/docs/data-sources/apm_k8s_elastic_co_apm_server_v1beta1_manifest.md @@ -127,6 +127,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -235,7 +236,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -245,7 +246,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -255,9 +256,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -732,6 +733,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -743,6 +745,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -879,8 +893,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1017,8 +1032,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1078,8 +1093,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1155,8 +1170,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1216,8 +1231,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1753,6 +1768,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1764,6 +1780,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1900,8 +1928,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2389,6 +2418,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2400,6 +2430,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2536,8 +2578,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2593,6 +2636,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2604,6 +2648,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2673,7 +2729,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2892,7 +2948,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2961,7 +3017,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3308,7 +3364,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/app_terraform_io_agent_pool_v1alpha2_manifest.md b/docs/data-sources/app_terraform_io_agent_pool_v1alpha2_manifest.md index f638c8142..11db3d14f 100644 --- a/docs/data-sources/app_terraform_io_agent_pool_v1alpha2_manifest.md +++ b/docs/data-sources/app_terraform_io_agent_pool_v1alpha2_manifest.md @@ -3393,7 +3393,7 @@ Required: Optional: - `cooldown_period_seconds` (Number) CooldownPeriodSeconds is the time to wait between scaling events. Defaults to 300. -- `target_workspaces` (Attributes List) TargetWorkspaces is a list of Terraform Cloud Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool. (see [below for nested schema](#nestedatt--spec--autoscaling--target_workspaces)) +- `target_workspaces` (Attributes List) TargetWorkspaces is a list of HCP Terraform Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool. (see [below for nested schema](#nestedatt--spec--autoscaling--target_workspaces)) ### Nested Schema for `spec.autoscaling.target_workspaces` diff --git a/docs/data-sources/app_terraform_io_workspace_v1alpha2_manifest.md b/docs/data-sources/app_terraform_io_workspace_v1alpha2_manifest.md index 26edbc5f2..e20d2046c 100644 --- a/docs/data-sources/app_terraform_io_workspace_v1alpha2_manifest.md +++ b/docs/data-sources/app_terraform_io_workspace_v1alpha2_manifest.md @@ -58,7 +58,7 @@ Required: Optional: -- `agent_pool` (Attributes) Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents (see [below for nested schema](#nestedatt--spec--agent_pool)) +- `agent_pool` (Attributes) HCP Terraform Agents allow HCP Terraform to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents (see [below for nested schema](#nestedatt--spec--agent_pool)) - `allow_destroy_plan` (Boolean) Allows a destroy plan to be created and applied.Default: 'true'.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#destruction-and-deletion - `apply_method` (String) Define either change will be applied automatically(auto) or require an operator to confirm(manual).Must be one of the following values: 'auto', 'manual'.Default: 'manual'.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#auto-apply-and-manual-apply - `description` (String) Workspace description. @@ -66,12 +66,12 @@ Optional: - `execution_mode` (String) Define where the Terraform code will be executed.Must be one of the following values: 'agent', 'local', 'remote'.Default: 'remote'.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings#execution-mode - `notifications` (Attributes List) Notifications allow you to send messages to other applications based on run and workspace events.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/notifications (see [below for nested schema](#nestedatt--spec--notifications)) - `project` (Attributes) Projects let you organize your workspaces into groups.Default: default organization project.More information: - https://developer.hashicorp.com/terraform/tutorials/cloud/projects (see [below for nested schema](#nestedatt--spec--project)) -- `remote_state_sharing` (Attributes) Remote state access between workspaces.By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces (see [below for nested schema](#nestedatt--spec--remote_state_sharing)) -- `run_tasks` (Attributes List) Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks (see [below for nested schema](#nestedatt--spec--run_tasks)) +- `remote_state_sharing` (Attributes) Remote state access between workspaces.By default, new workspaces in HCP Terraform do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces (see [below for nested schema](#nestedatt--spec--remote_state_sharing)) +- `run_tasks` (Attributes List) Run tasks allow HCP Terraform to interact with external systems at specific points in the HCP Terraform run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks (see [below for nested schema](#nestedatt--spec--run_tasks)) - `run_triggers` (Attributes List) Run triggers allow you to connect this workspace to one or more source workspaces.These connections allow runs to queue automatically in this workspace on successful apply of runs in any of the source workspaces.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-triggers (see [below for nested schema](#nestedatt--spec--run_triggers)) - `ssh_key` (Attributes) SSH key used to clone Terraform modules.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/ssh-keys (see [below for nested schema](#nestedatt--spec--ssh_key)) - `tags` (List of String) Workspace tags are used to help identify and group together workspaces.Tags must be one or more characters; can include letters, numbers, colons, hyphens, and underscores; and must begin and end with a letter or number. -- `team_access` (Attributes List) Terraform Cloud workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access (see [below for nested schema](#nestedatt--spec--team_access)) +- `team_access` (Attributes List) HCP Terraform workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access (see [below for nested schema](#nestedatt--spec--team_access)) - `terraform_variables` (Attributes List) Terraform variables for all plans and applies in this workspace.Variables defined within a workspace always overwrite variables from variable sets that have the same type and the same key.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/variables#terraform-variables (see [below for nested schema](#nestedatt--spec--terraform_variables)) - `terraform_version` (String) The version of Terraform to use for this workspace.If not specified, the latest available version will be used.Must match pattern: '^d{1}.d{1,2}.d{1,2}$'More information: - https://www.terraform.io/cloud-docs/workspaces/settings#terraform-version - `version_control` (Attributes) Settings for the workspace's VCS repository, enabling the UI/VCS-driven run workflow.Omit this argument to utilize the CLI-driven and API-driven workflows, where runs are not driven by webhooks on your VCS provider.More information: - https://www.terraform.io/cloud-docs/run/ui - https://www.terraform.io/cloud-docs/vcs (see [below for nested schema](#nestedatt--spec--version_control)) @@ -168,7 +168,7 @@ Required: Optional: -- `email_addresses` (List of String) The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in Terraform Cloud. +- `email_addresses` (List of String) The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in HCP Terraform. - `email_users` (List of String) The list of users belonging to the organization that will receive notification emails. - `enabled` (Boolean) Whether the notification configuration should be enabled or not.Default: 'true'. - `token` (String) The token of the notification. diff --git a/docs/data-sources/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.md index 8c1650aa8..cabe38d31 100644 --- a/docs/data-sources/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.md @@ -55,10 +55,10 @@ Optional: Required: - `backup_policies` (Attributes List) Represents an array of BackupPolicy templates, with each template corresponding to a specified ComponentDefinition or to a group of ComponentDefinitions that are different versions of definitions of the same component. (see [below for nested schema](#nestedatt--spec--backup_policies)) -- `cluster_definition_ref` (String) Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation. Optional: +- `cluster_definition_ref` (String) Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation. And this field is deprecated since v0.9, consider using the ComponentDef instead. - `identifier` (String) Specifies a unique identifier for the BackupPolicyTemplate. This identifier will be used as the suffix of the name of automatically generated BackupPolicy. This prevents unintended overwriting of BackupPolicies due to name conflicts when multiple BackupPolicyTemplates are present. For instance, using 'backup-policy' for regular backups and 'backup-policy-hscale' for horizontal-scale ops can differentiate the policies. diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md index 83278a0ed..187639a6d 100644 --- a/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.md @@ -154,7 +154,6 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: @@ -167,6 +166,7 @@ Optional: - `legacy_rendered_config_spec` (Attributes) Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'. (see [below for nested schema](#nestedatt--spec--component_defs--config_specs--legacy_rendered_config_spec)) - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. ### Nested Schema for `spec.component_defs.config_specs.legacy_rendered_config_spec` @@ -3764,13 +3764,13 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: - `default_mode` (Number) Deprecated: DefaultMode is deprecated since 0.9.0 and will be removed in 0.10.0 for scripts, auto set 0555 for configs, auto set 0444 Refers to the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md index 9e8db5b16..04a682d85 100644 --- a/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_cluster_v1alpha1_manifest.md @@ -117,6 +117,7 @@ Optional: - `affinity` (Attributes) Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. Deprecated since v0.10, replaced by the 'schedulingPolicy' field. (see [below for nested schema](#nestedatt--spec--component_specs--affinity)) - `component_def` (String) References the name of a ComponentDefinition object. The ComponentDefinition specifies the behavior and characteristics of the Component. If both 'componentDefRef' and 'componentDef' are provided, the 'componentDef' will take precedence over 'componentDefRef'. - `component_def_ref` (String) References a ClusterComponentDefinition defined in the 'clusterDefinition.spec.componentDef' field. Must comply with the IANA service naming rule. Deprecated since v0.9, because defining Components in 'clusterDefinition.spec.componentDef' field has been deprecated. This field is replaced by the 'componentDef' field, use 'componentDef' instead. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. TODO +kubebuilder:validation:XValidation:rule='self == oldSelf',message='componentDefRef is immutable' +- `configs` (Attributes List) (see [below for nested schema](#nestedatt--spec--component_specs--configs)) - `enabled_logs` (List of String) Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log ''' - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--component_specs--instances)) - `issuer` (Attributes) Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. (see [below for nested schema](#nestedatt--spec--component_specs--issuer)) @@ -148,6 +149,39 @@ Optional: - `topology_keys` (List of String) Represents the key of node labels used to define the topology domain for Pod anti-affinity and Pod spread constraints. In K8s, a topology domain is a set of nodes that have the same value for a specific label key. Nodes with labels containing any of the specified TopologyKeys and identical values are considered to be in the same topology domain. Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of topology in the ClusterDefinition. When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the Pod on nodes with different values for the specified TopologyKeys. This ensures that Pods are spread across different topology domains, promoting high availability and reducing the impact of node failures. Some well-known label keys, such as 'kubernetes.io/hostname' and 'topology.kubernetes.io/zone', are often used as TopologyKey. These keys represent the hostname and zone of a node, respectively. By including these keys in the TopologyKeys list, Pods will be spread across nodes with different hostnames or zones. In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. This allows for more flexible and custom topology definitions based on the specific needs of the application or environment. The TopologyKeys field is a slice of strings, where each string represents a label key. The order of the keys in the slice does not matter. + +### Nested Schema for `spec.component_specs.configs` + +Optional: + +- `config_map` (Attributes) ConfigMap source for the config. (see [below for nested schema](#nestedatt--spec--component_specs--configs--config_map)) +- `name` (String) The name of the config. + + +### Nested Schema for `spec.component_specs.configs.config_map` + +Optional: + +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--component_specs--configs--name--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined + + +### Nested Schema for `spec.component_specs.configs.name.items` + +Required: + +- `key` (String) key is the key to project. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + +Optional: + +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + + + + ### Nested Schema for `spec.component_specs.instances` @@ -2271,6 +2305,7 @@ Optional: - `affinity` (Attributes) Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the K8s cluster. Deprecated since v0.10, replaced by the 'schedulingPolicy' field. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--affinity)) - `component_def` (String) References the name of a ComponentDefinition object. The ComponentDefinition specifies the behavior and characteristics of the Component. If both 'componentDefRef' and 'componentDef' are provided, the 'componentDef' will take precedence over 'componentDefRef'. - `component_def_ref` (String) References a ClusterComponentDefinition defined in the 'clusterDefinition.spec.componentDef' field. Must comply with the IANA service naming rule. Deprecated since v0.9, because defining Components in 'clusterDefinition.spec.componentDef' field has been deprecated. This field is replaced by the 'componentDef' field, use 'componentDef' instead. This field is maintained for backward compatibility and its use is discouraged. Existing usage should be updated to the current preferred approach to avoid compatibility issues in future releases. TODO +kubebuilder:validation:XValidation:rule='self == oldSelf',message='componentDefRef is immutable' +- `configs` (Attributes List) (see [below for nested schema](#nestedatt--spec--sharding_specs--template--configs)) - `enabled_logs` (List of String) Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log ''' - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--instances)) - `issuer` (Attributes) Specifies the configuration for the TLS certificates issuer. It allows defining the issuer name and the reference to the secret containing the TLS certificates and key. The secret should contain the CA certificate, TLS certificate, and private key in the specified keys. Required when TLS is enabled. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--issuer)) @@ -2302,6 +2337,39 @@ Optional: - `topology_keys` (List of String) Represents the key of node labels used to define the topology domain for Pod anti-affinity and Pod spread constraints. In K8s, a topology domain is a set of nodes that have the same value for a specific label key. Nodes with labels containing any of the specified TopologyKeys and identical values are considered to be in the same topology domain. Note: The concept of topology in the context of K8s TopologyKeys is different from the concept of topology in the ClusterDefinition. When a Pod has anti-affinity or spread constraints specified, Kubernetes will attempt to schedule the Pod on nodes with different values for the specified TopologyKeys. This ensures that Pods are spread across different topology domains, promoting high availability and reducing the impact of node failures. Some well-known label keys, such as 'kubernetes.io/hostname' and 'topology.kubernetes.io/zone', are often used as TopologyKey. These keys represent the hostname and zone of a node, respectively. By including these keys in the TopologyKeys list, Pods will be spread across nodes with different hostnames or zones. In addition to the well-known keys, users can also specify custom label keys as TopologyKeys. This allows for more flexible and custom topology definitions based on the specific needs of the application or environment. The TopologyKeys field is a slice of strings, where each string represents a label key. The order of the keys in the slice does not matter. + +### Nested Schema for `spec.sharding_specs.template.configs` + +Optional: + +- `config_map` (Attributes) ConfigMap source for the config. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--volume_claim_templates--config_map)) +- `name` (String) The name of the config. + + +### Nested Schema for `spec.sharding_specs.template.volume_claim_templates.config_map` + +Optional: + +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--sharding_specs--template--volume_claim_templates--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined + + +### Nested Schema for `spec.sharding_specs.template.volume_claim_templates.config_map.items` + +Required: + +- `key` (String) key is the key to project. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + +Optional: + +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + + + + ### Nested Schema for `spec.sharding_specs.template.instances` diff --git a/docs/data-sources/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.md index 65294ee3b..51f5ed05b 100644 --- a/docs/data-sources/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.md @@ -86,7 +86,6 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: @@ -99,6 +98,7 @@ Optional: - `legacy_rendered_config_spec` (Attributes) Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'. (see [below for nested schema](#nestedatt--spec--component_versions--config_specs--legacy_rendered_config_spec)) - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. ### Nested Schema for `spec.component_versions.config_specs.legacy_rendered_config_spec` diff --git a/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md index 727436766..1c4d78869 100644 --- a/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_component_definition_v1alpha1_manifest.md @@ -60,7 +60,7 @@ Optional: - `annotations` (Map of String) Specifies static annotations that will be patched to all Kubernetes resources created for the Component. Note: If an annotation key in the 'annotations' field conflicts with any system annotations or user-specified annotations, it will be silently ignored to avoid overriding higher-priority annotations. This field is immutable. - `builtin_monitor_container` (Attributes) Defines the built-in metrics exporter container. (see [below for nested schema](#nestedatt--spec--builtin_monitor_container)) -- `configs` (Attributes List) Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable. TODO: support referencing configs from other components or clusters. (see [below for nested schema](#nestedatt--spec--configs)) +- `configs` (Attributes List) Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable. (see [below for nested schema](#nestedatt--spec--configs)) - `description` (String) Provides a brief and concise explanation of the Component's purpose, functionality, and any relevant details. It serves as a quick reference for users to understand the Component's role and characteristics. - `host_network` (Attributes) Specifies the host network configuration for the Component. When 'hostNetwork' option is enabled, the Pods share the host's network namespace and can directly access the host's network interfaces. This means that if multiple Pods need to use the same port, they cannot run on the same host simultaneously due to port conflicts. The DNSPolicy field in the Pod spec determines how containers within the Pod perform DNS resolution. When using hostNetwork, the operator will set the DNSPolicy to 'ClusterFirstWithHostNet'. With this policy, DNS queries will first go through the K8s cluster's DNS service. If the query fails, it will fall back to the host's DNS settings. If set, the DNS policy will be automatically set to 'ClusterFirstWithHostNet'. (see [below for nested schema](#nestedatt--spec--host_network)) - `labels` (Map of String) Specifies static labels that will be patched to all Kubernetes resources created for the Component. Note: If a label key in the 'labels' field conflicts with any system labels or user-specified labels, it will be silently ignored to avoid overriding higher-priority labels. This field is immutable. @@ -3299,7 +3299,6 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: @@ -3312,6 +3311,7 @@ Optional: - `legacy_rendered_config_spec` (Attributes) Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'. (see [below for nested schema](#nestedatt--spec--configs--legacy_rendered_config_spec)) - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. ### Nested Schema for `spec.configs.legacy_rendered_config_spec` @@ -5291,13 +5291,13 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: - `default_mode` (Number) Deprecated: DefaultMode is deprecated since 0.9.0 and will be removed in 0.10.0 for scripts, auto set 0555 for configs, auto set 0444 Refers to the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. diff --git a/docs/data-sources/apps_kubeblocks_io_component_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_component_v1alpha1_manifest.md index 9e13fb4c6..7feee4306 100644 --- a/docs/data-sources/apps_kubeblocks_io_component_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_component_v1alpha1_manifest.md @@ -61,7 +61,7 @@ Required: Optional: - `affinity` (Attributes) Specifies a group of affinity scheduling rules for the Component. It allows users to control how the Component's Pods are scheduled onto nodes in the Cluster. Deprecated since v0.10, replaced by the 'schedulingPolicy' field. (see [below for nested schema](#nestedatt--spec--affinity)) -- `configs` (Attributes List) Reserved field for future use. (see [below for nested schema](#nestedatt--spec--configs)) +- `configs` (Attributes List) (see [below for nested schema](#nestedatt--spec--configs)) - `enabled_logs` (List of String) Specifies which types of logs should be collected for the Cluster. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log ''' - `instances` (Attributes List) Allows for the customization of configuration values for each instance within a Component. An Instance represent a single replica (Pod and associated K8s resources like PVCs, Services, and ConfigMaps). While instances typically share a common configuration as defined in the ClusterComponentSpec, they can require unique settings in various scenarios: For example: - A database Component might require different resource allocations for primary and secondary instances, with primaries needing more resources. - During a rolling upgrade, a Component may first update the image for one or a few instances, and then update the remaining instances after verifying that the updated instances are functioning correctly. InstanceTemplate allows for specifying these unique configurations per instance. Each instance's name is constructed using the pattern: $(component.name)-$(template.name)-$(ordinal), starting with an ordinal of 0. It is crucial to maintain unique names for each InstanceTemplate to avoid conflicts. The sum of replicas across all InstanceTemplates should not exceed the total number of Replicas specified for the Component. Any remaining replicas will be generated using the default template and will follow the default naming rules. (see [below for nested schema](#nestedatt--spec--instances)) - `monitor_enabled` (Boolean) Determines whether metrics exporter information is annotated on the Component's headless Service. If set to true, the following annotations will be patched into the Service: - 'monitor.kubeblocks.io/path' - 'monitor.kubeblocks.io/port' - 'monitor.kubeblocks.io/scheme' These annotations allow the Prometheus installed by KubeBlocks to discover and scrape metrics from the exporter. @@ -92,34 +92,33 @@ Optional: ### Nested Schema for `spec.configs` -Required: +Optional: + +- `config_map` (Attributes) ConfigMap source for the config. (see [below for nested schema](#nestedatt--spec--configs--config_map)) +- `name` (String) The name of the config. -- `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. -- `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. + +### Nested Schema for `spec.configs.config_map` Optional: -- `as_env_from` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image. Deprecated: 'asEnvFrom' has been deprecated since 0.9.0 and will be removed in 0.10.0. Use 'injectEnvTo' instead. -- `constraint_ref` (String) Specifies the name of the referenced configuration constraints object. -- `default_mode` (Number) Deprecated: DefaultMode is deprecated since 0.9.0 and will be removed in 0.10.0 for scripts, auto set 0555 for configs, auto set 0444 Refers to the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `inject_env_to` (List of String) Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image. -- `keys` (List of String) Specifies the configuration files within the ConfigMap that support dynamic updates. A configuration template (provided in the form of a ConfigMap) may contain templates for multiple configuration files. Each configuration file corresponds to a key in the ConfigMap. Some of these configuration files may support dynamic modification and reloading without requiring a pod restart. If empty or omitted, all configuration files in the ConfigMap are assumed to support dynamic updates, and ConfigConstraint applies to all keys. -- `legacy_rendered_config_spec` (Attributes) Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'. (see [below for nested schema](#nestedatt--spec--configs--legacy_rendered_config_spec)) -- `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. -- `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. +- `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--configs--config_map--items)) +- `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined - -### Nested Schema for `spec.configs.legacy_rendered_config_spec` + +### Nested Schema for `spec.configs.config_map.items` Required: -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. +- `key` (String) key is the key to project. +- `path` (String) path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. Optional: -- `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. -- `policy` (String) Defines the strategy for merging externally imported templates into component templates. +- `mode` (Number) mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + diff --git a/docs/data-sources/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.md index 257598054..99e3225bb 100644 --- a/docs/data-sources/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.md @@ -62,10 +62,10 @@ Optional: - `configuration_schema` (Attributes) Defines a list of parameters including their names, default values, descriptions, types, and constraints (permissible values or the range of valid values). (see [below for nested schema](#nestedatt--spec--configuration_schema)) - `downward_api_options` (Attributes List) Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role. (see [below for nested schema](#nestedatt--spec--downward_api_options)) - `dynamic_action_can_be_merged` (Boolean) Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step. -- `dynamic_parameter_selected_policy` (String) Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart. - `dynamic_parameters` (List of String) List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart. - `immutable_parameters` (List of String) Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored. - `reload_options` (Attributes) Specifies the dynamic reload action supported by the engine. When set, the controller executes the method defined here to execute hot parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'reloadOptions' is set. If 'reloadOptions' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml reloadOptions: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true ''' (see [below for nested schema](#nestedatt--spec--reload_options)) +- `reload_static_params_before_restart` (Boolean) Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart. - `script_configs` (Attributes List) A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations. (see [below for nested schema](#nestedatt--spec--script_configs)) - `selector` (Attributes) Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'selector' allows you to specify label selectors to target the desired pods for the reload process. If the 'selector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload. (see [below for nested schema](#nestedatt--spec--selector)) - `static_parameters` (List of String) List static parameters. Modifications to any of these parameters require a restart of the process to take effect. @@ -112,6 +112,7 @@ Required: Optional: - `command` (List of String) Specifies the command to be triggered when changes are detected in Downward API volume files. It relies on the inotify mechanism in the config-manager sidecar to monitor file changes. +- `script_config` (Attributes) ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations. (see [below for nested schema](#nestedatt--spec--downward_api_options--script_config)) ### Nested Schema for `spec.downward_api_options.items` @@ -152,6 +153,18 @@ Optional: + +### Nested Schema for `spec.downward_api_options.script_config` + +Required: + +- `script_config_map_ref` (String) Specifies the reference to the ConfigMap containing the scripts. + +Optional: + +- `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. + + ### Nested Schema for `spec.reload_options` @@ -180,9 +193,46 @@ Required: Optional: -- `batch_parameters_template` (String) Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 ''' +- `batch_params_formatter_template` (String) Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 ''' - `batch_reload` (Boolean) Controls whether parameter updates are processed individually or collectively in a batch: - 'True': Processes all changes in one batch reload. - 'False': Processes each change individually. Defaults to 'False' if unspecified. +- `script_config` (Attributes) ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload. (see [below for nested schema](#nestedatt--spec--reload_options--shell_trigger--script_config)) - `sync` (Boolean) Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion. +- `tools_setup` (Attributes) Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar. (see [below for nested schema](#nestedatt--spec--reload_options--shell_trigger--tools_setup)) + + +### Nested Schema for `spec.reload_options.shell_trigger.script_config` + +Required: + +- `script_config_map_ref` (String) Specifies the reference to the ConfigMap containing the scripts. + +Optional: + +- `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. + + + +### Nested Schema for `spec.reload_options.shell_trigger.tools_setup` + +Required: + +- `mount_point` (String) Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation. + +Optional: + +- `tool_configs` (Attributes List) Specifies a list of settings of init containers that prepare tools for dynamic reload. (see [below for nested schema](#nestedatt--spec--reload_options--shell_trigger--tools_setup--tool_configs)) + + +### Nested Schema for `spec.reload_options.shell_trigger.tools_setup.tool_configs` + +Optional: + +- `as_container_image` (Boolean) Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools ''' +- `command` (List of String) Specifies the command to be executed by the init container. +- `image` (String) Specifies the tool container image. +- `name` (String) Specifies the name of the init container. + + @@ -258,7 +308,7 @@ Optional: Optional: -- `as_container_image` (Boolean) Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools ''' +- `as_container_image` (Boolean) Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools ''' - `command` (List of String) Specifies the command to be executed by the init container. - `image` (String) Specifies the tool container image. - `name` (String) Specifies the name of the init container. diff --git a/docs/data-sources/apps_kubeblocks_io_config_constraint_v1beta1_manifest.md b/docs/data-sources/apps_kubeblocks_io_config_constraint_v1beta1_manifest.md index d8166e1ba..e36458fc2 100644 --- a/docs/data-sources/apps_kubeblocks_io_config_constraint_v1beta1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_config_constraint_v1beta1_manifest.md @@ -54,25 +54,22 @@ Optional: Required: -- `formatter_config` (Attributes) Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' formatterConfig: format: ini iniConfig: sectionName: mysqld ''' (see [below for nested schema](#nestedatt--spec--formatter_config)) +- `file_format_config` (Attributes) Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' fileFormatConfig: format: ini iniConfig: sectionName: mysqld ''' (see [below for nested schema](#nestedatt--spec--file_format_config)) Optional: - `config_schema` (Attributes) Defines a list of parameters including their names, default values, descriptions, types, and constraints (permissible values or the range of valid values). (see [below for nested schema](#nestedatt--spec--config_schema)) -- `config_schema_top_level_key` (String) Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'. -- `downward_actions` (Attributes List) Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role. (see [below for nested schema](#nestedatt--spec--downward_actions)) -- `dynamic_action_can_be_merged` (Boolean) Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step. -- `dynamic_parameter_selected_policy` (String) Configures whether the dynamic reload specified in 'dynamicReloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart. +- `downward_api_triggered_actions` (Attributes List) TODO: migrate DownwardAPITriggeredActions to ComponentDefinition.spec.lifecycleActions Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role. (see [below for nested schema](#nestedatt--spec--downward_api_triggered_actions)) - `dynamic_parameters` (List of String) List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart. -- `dynamic_reload_action` (Attributes) Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'dynamicReloadAction' is set. If 'dynamicReloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true ''' (see [below for nested schema](#nestedatt--spec--dynamic_reload_action)) -- `dynamic_reload_selector` (Attributes) Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'dynamicReloadSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'dynamicReloadSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload. (see [below for nested schema](#nestedatt--spec--dynamic_reload_selector)) - `immutable_parameters` (List of String) Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored. -- `reload_tools_image` (Attributes) Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar. (see [below for nested schema](#nestedatt--spec--reload_tools_image)) -- `script_configs` (Attributes List) A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations. (see [below for nested schema](#nestedatt--spec--script_configs)) +- `merge_reload_and_restart` (Boolean) Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step. +- `reload_action` (Attributes) Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'reloadAction' is set. If 'reloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true ''' (see [below for nested schema](#nestedatt--spec--reload_action)) +- `reload_static_params_before_restart` (Boolean) Configures whether the dynamic reload specified in 'reloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart. +- `reloaded_pod_selector` (Attributes) Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'reloadedPodSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'reloadedPodSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload. (see [below for nested schema](#nestedatt--spec--reloaded_pod_selector)) - `static_parameters` (List of String) List static parameters. Modifications to any of these parameters require a restart of the process to take effect. - -### Nested Schema for `spec.formatter_config` + +### Nested Schema for `spec.file_format_config` Required: @@ -80,10 +77,10 @@ Required: Optional: -- `ini_config` (Attributes) Holds options specific to the 'ini' file format. (see [below for nested schema](#nestedatt--spec--formatter_config--ini_config)) +- `ini_config` (Attributes) Holds options specific to the 'ini' file format. (see [below for nested schema](#nestedatt--spec--file_format_config--ini_config)) - -### Nested Schema for `spec.formatter_config.ini_config` + +### Nested Schema for `spec.file_format_config.ini_config` Optional: @@ -98,23 +95,25 @@ Optional: - `cue` (String) Hold a string that contains a script written in CUE language that defines a list of configuration items. Each item is detailed with its name, default value, description, type (e.g. string, integer, float), and constraints (permissible values or the valid range of values). CUE (Configure, Unify, Execute) is a declarative language designed for defining and validating complex data configurations. It is particularly useful in environments like K8s where complex configurations and validation rules are common. This script functions as a validator for user-provided configurations, ensuring compliance with the established specifications and constraints. - `schema_in_json` (Map of String) Generated from the 'cue' field and transformed into a JSON format. +- `top_level_key` (String) Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'. - -### Nested Schema for `spec.downward_actions` + +### Nested Schema for `spec.downward_api_triggered_actions` Required: -- `items` (Attributes List) Represents a list of files under the Downward API volume. (see [below for nested schema](#nestedatt--spec--downward_actions--items)) +- `items` (Attributes List) Represents a list of files under the Downward API volume. (see [below for nested schema](#nestedatt--spec--downward_api_triggered_actions--items)) - `mount_point` (String) Specifies the mount point of the Downward API volume. - `name` (String) Specifies the name of the field. It must be a string of maximum length 63. The name should match the regex pattern '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'. Optional: - `command` (List of String) Specifies the command to be triggered when changes are detected in Downward API volume files. It relies on the inotify mechanism in the config-manager sidecar to monitor file changes. +- `script_config` (Attributes) ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations. (see [below for nested schema](#nestedatt--spec--downward_api_triggered_actions--script_config)) - -### Nested Schema for `spec.downward_actions.items` + +### Nested Schema for `spec.downward_api_triggered_actions.items` Required: @@ -122,12 +121,12 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--downward_actions--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--downward_api_triggered_actions--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--downward_actions--items--resource_field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--downward_api_triggered_actions--items--resource_field_ref)) - -### Nested Schema for `spec.downward_actions.items.field_ref` + +### Nested Schema for `spec.downward_api_triggered_actions.items.field_ref` Required: @@ -138,8 +137,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.downward_actions.items.resource_field_ref` + +### Nested Schema for `spec.downward_api_triggered_actions.items.resource_field_ref` Required: @@ -152,27 +151,39 @@ Optional: + +### Nested Schema for `spec.downward_api_triggered_actions.script_config` + +Required: + +- `script_config_map_ref` (String) Specifies the reference to the ConfigMap containing the scripts. + +Optional: + +- `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. + - -### Nested Schema for `spec.dynamic_reload_action` + + +### Nested Schema for `spec.reload_action` Optional: -- `auto_trigger` (Attributes) Automatically perform the reload when specified conditions are met. (see [below for nested schema](#nestedatt--spec--dynamic_reload_action--auto_trigger)) -- `shell_trigger` (Attributes) Allows to execute a custom shell script to reload the process. (see [below for nested schema](#nestedatt--spec--dynamic_reload_action--shell_trigger)) -- `tpl_script_trigger` (Attributes) Enables reloading process using a Go template script. (see [below for nested schema](#nestedatt--spec--dynamic_reload_action--tpl_script_trigger)) -- `unix_signal_trigger` (Attributes) Used to trigger a reload by sending a specific Unix signal to the process. (see [below for nested schema](#nestedatt--spec--dynamic_reload_action--unix_signal_trigger)) +- `auto_trigger` (Attributes) Automatically perform the reload when specified conditions are met. (see [below for nested schema](#nestedatt--spec--reload_action--auto_trigger)) +- `shell_trigger` (Attributes) Allows to execute a custom shell script to reload the process. (see [below for nested schema](#nestedatt--spec--reload_action--shell_trigger)) +- `tpl_script_trigger` (Attributes) Enables reloading process using a Go template script. (see [below for nested schema](#nestedatt--spec--reload_action--tpl_script_trigger)) +- `unix_signal_trigger` (Attributes) Used to trigger a reload by sending a specific Unix signal to the process. (see [below for nested schema](#nestedatt--spec--reload_action--unix_signal_trigger)) - -### Nested Schema for `spec.dynamic_reload_action.auto_trigger` + +### Nested Schema for `spec.reload_action.auto_trigger` Optional: - `process_name` (String) The name of the process. - -### Nested Schema for `spec.dynamic_reload_action.shell_trigger` + +### Nested Schema for `spec.reload_action.shell_trigger` Required: @@ -180,13 +191,14 @@ Required: Optional: -- `batch_parameters_template` (String) Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 ''' +- `batch_params_formatter_template` (String) Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 ''' - `batch_reload` (Boolean) Controls whether parameter updates are processed individually or collectively in a batch: - 'True': Processes all changes in one batch reload. - 'False': Processes each change individually. Defaults to 'False' if unspecified. +- `script_config` (Attributes) ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload. (see [below for nested schema](#nestedatt--spec--reload_action--shell_trigger--script_config)) - `sync` (Boolean) Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion. +- `tools_setup` (Attributes) Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar. (see [below for nested schema](#nestedatt--spec--reload_action--shell_trigger--tools_setup)) - - -### Nested Schema for `spec.dynamic_reload_action.tpl_script_trigger` + +### Nested Schema for `spec.reload_action.shell_trigger.script_config` Required: @@ -195,71 +207,71 @@ Required: Optional: - `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. -- `sync` (Boolean) Determines whether parameter updates should be synchronized with the 'config-manager'. Specifies the controller's reload strategy: - If set to 'True', the controller executes the reload action in synchronous mode, pausing execution until the reload completes. - If set to 'False', the controller executes the reload action in asynchronous mode, updating the ConfigMap without waiting for the reload process to finish. - -### Nested Schema for `spec.dynamic_reload_action.unix_signal_trigger` + +### Nested Schema for `spec.reload_action.shell_trigger.tools_setup` Required: -- `process_name` (String) Identifies the name of the process to which the Unix signal will be sent. -- `signal` (String) Specifies a valid Unix signal to be sent. For a comprehensive list of all Unix signals, see: ../../pkg/configuration/configmap/handler.go:allUnixSignals +- `mount_point` (String) Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation. +Optional: +- `tool_configs` (Attributes List) Specifies a list of settings of init containers that prepare tools for dynamic reload. (see [below for nested schema](#nestedatt--spec--reload_action--shell_trigger--tools_setup--tool_configs)) - -### Nested Schema for `spec.dynamic_reload_selector` + +### Nested Schema for `spec.reload_action.shell_trigger.tools_setup.tool_configs` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--dynamic_reload_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `as_container_image` (Boolean) Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools ''' +- `command` (List of String) Specifies the command to be executed by the init container. +- `image` (String) Specifies the tool container image. +- `name` (String) Specifies the name of the init container. + + + - -### Nested Schema for `spec.dynamic_reload_selector.match_expressions` + +### Nested Schema for `spec.reload_action.tpl_script_trigger` Required: -- `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `script_config_map_ref` (String) Specifies the reference to the ConfigMap containing the scripts. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - +- `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. +- `sync` (Boolean) Determines whether parameter updates should be synchronized with the 'config-manager'. Specifies the controller's reload strategy: - If set to 'True', the controller executes the reload action in synchronous mode, pausing execution until the reload completes. - If set to 'False', the controller executes the reload action in asynchronous mode, updating the ConfigMap without waiting for the reload process to finish. - -### Nested Schema for `spec.reload_tools_image` + +### Nested Schema for `spec.reload_action.unix_signal_trigger` Required: -- `mount_point` (String) Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation. +- `process_name` (String) Identifies the name of the process to which the Unix signal will be sent. +- `signal` (String) Specifies a valid Unix signal to be sent. For a comprehensive list of all Unix signals, see: ../../pkg/configuration/configmap/handler.go:allUnixSignals -Optional: -- `tool_configs` (Attributes List) Specifies a list of settings of init containers that prepare tools for dynamic reload. (see [below for nested schema](#nestedatt--spec--reload_tools_image--tool_configs)) - -### Nested Schema for `spec.reload_tools_image.tool_configs` + +### Nested Schema for `spec.reloaded_pod_selector` Optional: -- `as_container_image` (Boolean) Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools ''' -- `command` (List of String) Specifies the command to be executed by the init container. -- `image` (String) Specifies the tool container image. -- `name` (String) Specifies the name of the init container. - - +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--reloaded_pod_selector--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.script_configs` + +### Nested Schema for `spec.reloaded_pod_selector.match_expressions` Required: -- `script_config_map_ref` (String) Specifies the reference to the ConfigMap containing the scripts. +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `namespace` (String) Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md index 4c2d9c641..62576d0a0 100644 --- a/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_configuration_v1alpha1_manifest.md @@ -92,7 +92,6 @@ Optional: Required: - `name` (String) Specifies the name of the configuration template. -- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. - `volume_name` (String) Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts. Optional: @@ -105,6 +104,7 @@ Optional: - `legacy_rendered_config_spec` (Attributes) Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'. (see [below for nested schema](#nestedatt--spec--config_item_details--config_spec--legacy_rendered_config_spec)) - `namespace` (String) Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace. - `re_render_resource_types` (List of String) Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation. +- `template_ref` (String) Specifies the name of the referenced configuration template ConfigMap object. ### Nested Schema for `spec.config_item_details.config_spec.legacy_rendered_config_spec` diff --git a/docs/data-sources/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.md index 9b4bf0074..9379e93cf 100644 --- a/docs/data-sources/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.md @@ -58,10 +58,10 @@ Required: Optional: -- `component_definition_refs` (Attributes List) Specifies a list of ComponentDefinition for Components associated with this OpsDefinition. It also includes connection credentials (address and account) for each Component. (see [below for nested schema](#nestedatt--spec--component_definition_refs)) +- `component_infos` (Attributes List) Specifies a list of ComponentDefinition for Components associated with this OpsDefinition. It also includes connection credentials (address and account) for each Component. (see [below for nested schema](#nestedatt--spec--component_infos)) - `parameters_schema` (Attributes) Specifies the schema for validating the data types and value ranges of parameters in OpsActions before their usage. (see [below for nested schema](#nestedatt--spec--parameters_schema)) +- `pod_info_extractors` (Attributes List) Specifies a list of PodInfoExtractor, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'. (see [below for nested schema](#nestedatt--spec--pod_info_extractors)) - `pre_conditions` (Attributes List) Specifies the preconditions that must be met to run the actions for the operation. if set, it will check the condition before the Component runs this operation. Example: '''yaml preConditions: - rule: expression: '{{ eq .component.status.phase 'Running' }}' message: Component is not in Running status. ''' (see [below for nested schema](#nestedatt--spec--pre_conditions)) -- `target_pod_templates` (Attributes List) Specifies a list of TargetPodTemplate, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'. (see [below for nested schema](#nestedatt--spec--target_pod_templates)) ### Nested Schema for `spec.actions` @@ -84,7 +84,7 @@ Optional: Required: - `command` (List of String) The command to be executed via 'kubectl exec --'. -- `target_pod_template` (String) Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'. +- `pod_info_extractor_name` (String) Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'. Optional: @@ -159,58 +159,58 @@ Required: Optional: - `backoff_limit` (Number) Specifies the number of retries allowed before marking the action as failed. -- `target_pod_template` (String) Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'. +- `pod_info_extractor_name` (String) Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'. ### Nested Schema for `spec.actions.workload.pod_spec` Required: -- `containers` (Attributes List) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers)) +- `containers` (Attributes List) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers)) Optional: - `active_deadline_seconds` (Number) Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. -- `affinity` (Attributes) If specified, the pod's scheduling constraints (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity)) +- `affinity` (Attributes) If specified, the pod's scheduling constraints (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity)) - `automount_service_account_token` (Boolean) AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. -- `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--dns_config)) +- `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--dns_config)) - `dns_policy` (String) Set DNS policy for the pod. Defaults to 'ClusterFirst'. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. -- `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--host_aliases)) +- `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace. Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. - `host_pid` (Boolean) Use the host's pid namespace. Optional: Default to false. - `host_users` (Boolean) Use the host's user namespace. Optional: Default to true. If set to true or not present, the pod will be run in the host user namespace, useful for when the pod needs a feature only available to the host user namespace, such as loading a kernel module with CAP_SYS_MODULE. When set to false, a new userns is created for the pod. Setting false is useful for mitigating container breakout vulnerabilities even allowing users to run their containers as root without actually having root privileges on the host. This field is alpha-level and is only honored by servers that enable the UserNamespacesSupport feature. - `hostname` (String) Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. -- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--image_pull_secrets)) -- `init_containers` (Attributes List) List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers)) +- `image_pull_secrets` (Attributes List) ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--image_pull_secrets)) +- `init_containers` (Attributes List) List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node's labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod. Some pod and container fields are restricted if this is set. If the OS field is set to linux, the following fields must be unset: -securityContext.windowsOptions If the OS field is set to windows, following fields must be unset: - spec.hostPID - spec.hostIPC - spec.hostUsers - spec.securityContext.seLinuxOptions - spec.securityContext.seccompProfile - spec.securityContext.fsGroup - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls - spec.shareProcessNamespace - spec.securityContext.runAsUser - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups - spec.containers[*].securityContext.seLinuxOptions - spec.containers[*].securityContext.seccompProfile - spec.containers[*].securityContext.capabilities - spec.containers[*].securityContext.readOnlyRootFilesystem - spec.containers[*].securityContext.privileged - spec.containers[*].securityContext.allowPrivilegeEscalation - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser - spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - `priority_class_name` (String) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. -- `readiness_gates` (Attributes List) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to 'True' More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--readiness_gates)) -- `resource_claims` (Attributes List) ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--resource_claims)) +- `readiness_gates` (Attributes List) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to 'True' More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--readiness_gates)) +- `resource_claims` (Attributes List) ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--resource_claims)) - `restart_policy` (String) Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. SchedulingGates can only be set at pod creation time, and be removed only afterwards. This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--scheduling_gates)) -- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--security_context)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod. If schedulingGates is not empty, the pod will stay in the SchedulingGated state and the scheduler will not attempt to schedule the pod. SchedulingGates can only be set at pod creation time, and be removed only afterwards. This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--scheduling_gates)) +- `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--security_context)) - `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. - `subdomain` (String) If specified, the fully qualified Pod hostname will be '...svc.'. If not specified, the pod will not have a domainname at all. - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. -- `tolerations` (Attributes List) If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--tolerations)) -- `topology_spread_constraints` (Attributes List) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--topology_spread_constraints)) -- `volumes` (Attributes List) List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes)) +- `tolerations` (Attributes List) If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--tolerations)) +- `topology_spread_constraints` (Attributes List) TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--topology_spread_constraints)) +- `volumes` (Attributes List) List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers` Required: @@ -220,30 +220,30 @@ Optional: - `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--env_from)) +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--env_from)) - `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. - `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--readiness_probe)) -- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--resources)) +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--readiness_probe)) +- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--resize_policy)) +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--resources)) - `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--startup_probe)) +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--startup_probe)) - `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. - `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. -- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--volume_mounts)) +- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--volume_devices)) +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--volume_mounts)) - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.env` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.env` Required: @@ -252,20 +252,20 @@ Required: Optional: - `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. -- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--value_from)) +- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--value_from)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.value_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.value_from` Optional: -- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--value_from--resource_field_ref)) -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--value_from--secret_key_ref)) +- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--value_from--config_map_key_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--value_from--resource_field_ref)) +- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--value_from--secret_key_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.value_from.config_map_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.value_from.config_map_key_ref` Required: @@ -277,8 +277,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.value_from.field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.value_from.field_ref` Required: @@ -289,8 +289,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.value_from.resource_field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.value_from.resource_field_ref` Required: @@ -302,8 +302,8 @@ Optional: - `divisor` (String) Specifies the output format of the exposed resources, defaults to '1' - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.value_from.secret_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.value_from.secret_key_ref` Required: @@ -317,17 +317,17 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.env_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.env_from` Optional: -- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--config_map_ref)) +- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--config_map_ref)) - `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. -- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--secret_ref)) +- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.config_map_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.config_map_ref` Optional: @@ -335,8 +335,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.secret_ref` Optional: @@ -345,33 +345,33 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.lifecycle` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.lifecycle` Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.post_start` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.post_start` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.http_get` Required: @@ -380,12 +380,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -394,8 +394,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.tcp_socket` Required: @@ -407,25 +407,25 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.http_get` Required: @@ -434,12 +434,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -448,8 +448,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.pre_stop.tcp_socket` Required: @@ -462,32 +462,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.liveness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.liveness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.grpc` Required: @@ -498,8 +498,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.http_get` Required: @@ -508,12 +508,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.timeout_seconds.http_headers` Required: @@ -522,8 +522,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.tcp_socket` Required: @@ -535,8 +535,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.ports` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.ports` Required: @@ -550,32 +550,32 @@ Optional: - `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.readiness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.readiness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.grpc` Required: @@ -586,8 +586,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.http_get` Required: @@ -596,12 +596,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.timeout_seconds.http_headers` Required: @@ -610,8 +610,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.tcp_socket` Required: @@ -623,8 +623,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.resize_policy` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.resize_policy` Required: @@ -632,17 +632,17 @@ Required: - `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.resources` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.resources` Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--claims)) +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.claims` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.claims` Required: @@ -650,25 +650,25 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.security_context` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.security_context` Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--capabilities)) +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--windows_options)) +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--windows_options)) - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.capabilities` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.capabilities` Optional: @@ -676,8 +676,8 @@ Optional: - `drop` (List of String) Removed capabilities - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.se_linux_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.se_linux_options` Optional: @@ -687,8 +687,8 @@ Optional: - `user` (String) User is a SELinux user label that applies to the container. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.seccomp_profile` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.seccomp_profile` Required: @@ -699,8 +699,8 @@ Optional: - `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.windows_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.windows_options` Optional: @@ -711,32 +711,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.startup_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.startup_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.grpc` Required: @@ -747,8 +747,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.http_get` Required: @@ -757,12 +757,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.timeout_seconds.http_headers` Required: @@ -771,8 +771,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.working_dir.tcp_socket` Required: @@ -784,8 +784,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.volume_devices` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.volume_devices` Required: @@ -793,8 +793,8 @@ Required: - `name` (String) name must match the name of a persistentVolumeClaim in the pod - -### Nested Schema for `spec.actions.workload.target_pod_template.containers.volume_mounts` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.containers.volume_mounts` Required: @@ -810,41 +810,41 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity` Optional: -- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--node_affinity)) -- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_affinity)) -- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity)) +- `node_affinity` (Attributes) Describes node affinity scheduling rules for the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--node_affinity)) +- `pod_affinity` (Attributes) Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_affinity)) +- `pod_anti_affinity` (Attributes) Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.node_affinity` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.node_affinity` Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` Required: -- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--preference)) +- `preference` (Attributes) A node selector term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--preference)) - `weight` (Number) Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.preference` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.preference` Optional: -- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--match_expressions)) -- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--match_fields)) +- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--match_expressions)) +- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--match_fields)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.match_expressions` Required: @@ -856,8 +856,8 @@ Optional: - `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.match_fields` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.match_fields` Required: @@ -871,23 +871,23 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` Required: -- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms)) +- `node_selector_terms` (Attributes List) Required. A list of node selector terms. The terms are ORed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms` Optional: -- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions)) -- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields)) +- `match_expressions` (Attributes List) A list of node selector requirements by node's labels. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_expressions)) +- `match_fields` (Attributes List) A list of node selector requirements by node's fields. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--node_selector_terms--match_fields)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions` Required: @@ -899,8 +899,8 @@ Optional: - `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_fields` Required: @@ -915,24 +915,24 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_affinity` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_affinity` Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` Required: -- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--pod_affinity_term)) +- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--pod_affinity_term)) - `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.pod_affinity_term` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.pod_affinity_term` Required: @@ -940,20 +940,20 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector.match_expressions` Required: @@ -966,16 +966,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector.match_expressions` Required: @@ -990,8 +990,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` Required: @@ -999,20 +999,20 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` Required: @@ -1025,16 +1025,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` Required: @@ -1049,24 +1049,24 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity` Optional: -- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) -- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) +- `preferred_during_scheduling_ignored_during_execution` (Attributes List) The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding 'weight' to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution)) +- `required_during_scheduling_ignored_during_execution` (Attributes List) If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution)) - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.preferred_during_scheduling_ignored_during_execution` Required: -- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--pod_affinity_term)) +- `pod_affinity_term` (Attributes) Required. A pod affinity term, associated with the corresponding weight. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--pod_affinity_term)) - `weight` (Number) weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.pod_affinity_term` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.pod_affinity_term` Required: @@ -1074,20 +1074,20 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.label_selector.match_expressions` Required: @@ -1100,16 +1100,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.weight.namespace_selector.match_expressions` Required: @@ -1124,8 +1124,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution` Required: @@ -1133,20 +1133,20 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means 'this pod's namespace'. An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.label_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` Required: @@ -1159,16 +1159,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespace_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespaces--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.affinity.pod_anti_affinity.required_during_scheduling_ignored_during_execution.namespaces.match_expressions` Required: @@ -1184,17 +1184,17 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.dns_config` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.dns_config` Optional: - `nameservers` (List of String) A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. -- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--dns_config--options)) +- `options` (Attributes List) A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--dns_config--options)) - `searches` (List of String) A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. - -### Nested Schema for `spec.actions.workload.target_pod_template.dns_config.options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.dns_config.options` Optional: @@ -1203,8 +1203,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers` Required: @@ -1214,31 +1214,31 @@ Optional: - `args` (List of String) Arguments to the entrypoint. The image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - `command` (List of String) Entrypoint array. Not executed within a shell. The image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--env_from)) +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--env_from)) - `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images - `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Lifecycle is not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--lifecycle)) -- `liveness_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--liveness_probe)) -- `ports` (Attributes List) Ports are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--ports)) -- `readiness_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--readiness_probe)) -- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--resize_policy)) -- `resources` (Attributes) Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--resources)) +- `lifecycle` (Attributes) Lifecycle is not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--lifecycle)) +- `liveness_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--liveness_probe)) +- `ports` (Attributes List) Ports are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--ports)) +- `readiness_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--readiness_probe)) +- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--resize_policy)) +- `resources` (Attributes) Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--resources)) - `restart_policy` (String) Restart policy for the container to manage the restart behavior of each container within a pod. This may only be set for init containers. You cannot set this field on ephemeral containers. -- `security_context` (Attributes) Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--security_context)) -- `startup_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--startup_probe)) +- `security_context` (Attributes) Optional: SecurityContext defines the security options the ephemeral container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--security_context)) +- `startup_probe` (Attributes) Probes are not allowed for ephemeral containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--startup_probe)) - `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - `target_container_name` (String) If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container uses the namespaces configured in the Pod spec. The container runtime must implement support for this feature. If the runtime does not support namespace targeting then the result of setting this field is undefined. - `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. - `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. -- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--volume_mounts)) +- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--volume_devices)) +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Subpath mounts are not allowed for ephemeral containers. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--volume_mounts)) - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.env` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.env` Required: @@ -1247,20 +1247,20 @@ Required: Optional: - `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. -- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--value_from)) +- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--value_from)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.value_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.value_from` Optional: -- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--value_from--resource_field_ref)) -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--value_from--secret_key_ref)) +- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--value_from--config_map_key_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--value_from--resource_field_ref)) +- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--value_from--secret_key_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.value_from.config_map_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.value_from.config_map_key_ref` Required: @@ -1272,8 +1272,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.value_from.field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.value_from.field_ref` Required: @@ -1284,8 +1284,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.value_from.resource_field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.value_from.resource_field_ref` Required: @@ -1297,8 +1297,8 @@ Optional: - `divisor` (String) Specifies the output format of the exposed resources, defaults to '1' - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.value_from.secret_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.value_from.secret_key_ref` Required: @@ -1312,17 +1312,17 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.env_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.env_from` Optional: -- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--config_map_ref)) +- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--config_map_ref)) - `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. -- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--secret_ref)) +- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.config_map_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.config_map_ref` Optional: @@ -1330,8 +1330,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.secret_ref` Optional: @@ -1340,33 +1340,33 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.lifecycle` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.lifecycle` Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.post_start` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.post_start` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.http_get` Required: @@ -1375,12 +1375,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -1389,8 +1389,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.tcp_socket` Required: @@ -1402,25 +1402,25 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.http_get` Required: @@ -1429,12 +1429,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -1443,8 +1443,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.pre_stop.tcp_socket` Required: @@ -1457,32 +1457,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.liveness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.liveness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.grpc` Required: @@ -1493,8 +1493,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.http_get` Required: @@ -1503,12 +1503,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.timeout_seconds.http_headers` Required: @@ -1517,8 +1517,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.tcp_socket` Required: @@ -1530,8 +1530,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.ports` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.ports` Required: @@ -1545,32 +1545,32 @@ Optional: - `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.readiness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.readiness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.grpc` Required: @@ -1581,8 +1581,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.http_get` Required: @@ -1591,12 +1591,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.timeout_seconds.http_headers` Required: @@ -1605,8 +1605,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.tcp_socket` Required: @@ -1618,8 +1618,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.resize_policy` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.resize_policy` Required: @@ -1627,17 +1627,17 @@ Required: - `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.resources` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.resources` Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--claims)) +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.claims` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.claims` Required: @@ -1645,25 +1645,25 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.security_context` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.security_context` Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--capabilities)) +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--windows_options)) +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--windows_options)) - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.capabilities` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.capabilities` Optional: @@ -1671,8 +1671,8 @@ Optional: - `drop` (List of String) Removed capabilities - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.se_linux_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.se_linux_options` Optional: @@ -1682,8 +1682,8 @@ Optional: - `user` (String) User is a SELinux user label that applies to the container. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.seccomp_profile` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.seccomp_profile` Required: @@ -1694,8 +1694,8 @@ Optional: - `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.windows_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.windows_options` Optional: @@ -1706,32 +1706,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.startup_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.startup_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.grpc` Required: @@ -1742,8 +1742,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.http_get` Required: @@ -1752,12 +1752,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--ephemeral_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--ephemeral_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.timeout_seconds.http_headers` Required: @@ -1766,8 +1766,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.working_dir.tcp_socket` Required: @@ -1779,8 +1779,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.volume_devices` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.volume_devices` Required: @@ -1788,8 +1788,8 @@ Required: - `name` (String) name must match the name of a persistentVolumeClaim in the pod - -### Nested Schema for `spec.actions.workload.target_pod_template.ephemeral_containers.volume_mounts` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.ephemeral_containers.volume_mounts` Required: @@ -1805,8 +1805,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.host_aliases` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.host_aliases` Optional: @@ -1814,16 +1814,16 @@ Optional: - `ip` (String) IP address of the host file entry. - -### Nested Schema for `spec.actions.workload.target_pod_template.image_pull_secrets` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.image_pull_secrets` Optional: - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers` Required: @@ -1833,30 +1833,30 @@ Optional: - `args` (List of String) Arguments to the entrypoint. The container image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell - `command` (List of String) Entrypoint array. Not executed within a shell. The container image's ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell -- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--env)) -- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--env_from)) +- `env` (Attributes List) List of environment variables to set in the container. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--env)) +- `env_from` (Attributes List) List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--env_from)) - `image` (String) Container image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets. - `image_pull_policy` (String) Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images -- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--lifecycle)) -- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--liveness_probe)) -- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--ports)) -- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--readiness_probe)) -- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--resize_policy)) -- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--resources)) +- `lifecycle` (Attributes) Actions that the management system should take in response to container lifecycle events. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--lifecycle)) +- `liveness_probe` (Attributes) Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--liveness_probe)) +- `ports` (Attributes List) List of ports to expose from the container. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default '0.0.0.0' address inside a container will be accessible from the network. Modifying this array with strategic merge patch may corrupt the data. For more information See https://github.com/kubernetes/kubernetes/issues/108255. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--ports)) +- `readiness_probe` (Attributes) Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--readiness_probe)) +- `resize_policy` (Attributes List) Resources resize policy for the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--resize_policy)) +- `resources` (Attributes) Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--resources)) - `restart_policy` (String) RestartPolicy defines the restart behavior of individual containers in a pod. This field may only be set for init containers, and the only allowed value is 'Always'. For non-init containers or when this field is not specified, the restart behavior is defined by the Pod's restart policy and the container type. Setting the RestartPolicy as 'Always' for the init container will have the following effect: this init container will be continually restarted on exit until all regular containers have terminated. Once all regular containers have completed, all init containers with restartPolicy 'Always' will be shut down. This lifecycle differs from normal init containers and is often referred to as a 'sidecar' container. Although this init container still starts in the init container sequence, it does not wait for the container to complete before proceeding to the next init container. Instead, the next init container starts immediately after this init container is started, or after any startupProbe has successfully completed. -- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--security_context)) -- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--startup_probe)) +- `security_context` (Attributes) SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--security_context)) +- `startup_probe` (Attributes) StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod's lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--startup_probe)) - `stdin` (Boolean) Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - `stdin_once` (Boolean) Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - `termination_message_path` (String) Optional: Path at which the file to which the container's termination message will be written is mounted into the container's filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated. - `termination_message_policy` (String) Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - `tty` (Boolean) Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. -- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--volume_devices)) -- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--volume_mounts)) +- `volume_devices` (Attributes List) volumeDevices is the list of block devices to be used by the container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--volume_devices)) +- `volume_mounts` (Attributes List) Pod volumes to mount into the container's filesystem. Cannot be updated. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--volume_mounts)) - `working_dir` (String) Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.env` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.env` Required: @@ -1865,20 +1865,20 @@ Required: Optional: - `value` (String) Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. '$$(VAR_NAME)' will produce the string literal '$(VAR_NAME)'. Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to ''. -- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--value_from)) +- `value_from` (Attributes) Source for the environment variable's value. Cannot be used if value is not empty. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--value_from)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.value_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.value_from` Optional: -- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--value_from--config_map_key_ref)) -- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--value_from--field_ref)) -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--value_from--resource_field_ref)) -- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--value_from--secret_key_ref)) +- `config_map_key_ref` (Attributes) Selects a key of a ConfigMap. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--value_from--config_map_key_ref)) +- `field_ref` (Attributes) Selects a field of the pod: supports metadata.name, metadata.namespace, 'metadata.labels['']', 'metadata.annotations['']', spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--value_from--field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--value_from--resource_field_ref)) +- `secret_key_ref` (Attributes) Selects a key of a secret in the pod's namespace (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--value_from--secret_key_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.value_from.config_map_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.value_from.config_map_key_ref` Required: @@ -1890,8 +1890,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap or its key must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.value_from.field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.value_from.field_ref` Required: @@ -1902,8 +1902,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.value_from.resource_field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.value_from.resource_field_ref` Required: @@ -1915,8 +1915,8 @@ Optional: - `divisor` (String) Specifies the output format of the exposed resources, defaults to '1' - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.value_from.secret_key_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.value_from.secret_key_ref` Required: @@ -1930,17 +1930,17 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.env_from` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.env_from` Optional: -- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--config_map_ref)) +- `config_map_ref` (Attributes) The ConfigMap to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--config_map_ref)) - `prefix` (String) An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. -- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--secret_ref)) +- `secret_ref` (Attributes) The Secret to select from (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.config_map_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.config_map_ref` Optional: @@ -1948,8 +1948,8 @@ Optional: - `optional` (Boolean) Specify whether the ConfigMap must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.secret_ref` Optional: @@ -1958,33 +1958,33 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.lifecycle` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.lifecycle` Optional: -- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--post_start)) -- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop)) +- `post_start` (Attributes) PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--post_start)) +- `pre_stop` (Attributes) PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The Pod's termination grace period countdown begins before the PreStop hook is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod's termination grace period (unless delayed by finalizers). Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.post_start` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.post_start` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.http_get` Required: @@ -1993,12 +1993,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -2007,8 +2007,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.tcp_socket` Required: @@ -2020,25 +2020,25 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--exec)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--http_get)) -- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--tcp_socket)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--exec)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--http_get)) +- `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and kept for the backward compatibility. There are no validation of this field and lifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--tcp_socket)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.http_get` Required: @@ -2047,12 +2047,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--pre_stop--tcp_socket--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--pre_stop--tcp_socket--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.tcp_socket.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.tcp_socket.http_headers` Required: @@ -2061,8 +2061,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.pre_stop.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.pre_stop.tcp_socket` Required: @@ -2075,32 +2075,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.liveness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.liveness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.grpc` Required: @@ -2111,8 +2111,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.http_get` Required: @@ -2121,12 +2121,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.timeout_seconds.http_headers` Required: @@ -2135,8 +2135,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.tcp_socket` Required: @@ -2148,8 +2148,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.ports` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.ports` Required: @@ -2163,32 +2163,32 @@ Optional: - `protocol` (String) Protocol for port. Must be UDP, TCP, or SCTP. Defaults to 'TCP'. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.readiness_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.readiness_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.grpc` Required: @@ -2199,8 +2199,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.http_get` Required: @@ -2209,12 +2209,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.timeout_seconds.http_headers` Required: @@ -2223,8 +2223,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.tcp_socket` Required: @@ -2236,8 +2236,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.resize_policy` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.resize_policy` Required: @@ -2245,17 +2245,17 @@ Required: - `restart_policy` (String) Restart policy to apply when specified resource is resized. If not specified, it defaults to NotRequired. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.resources` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.resources` Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--claims)) +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.claims` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.claims` Required: @@ -2263,25 +2263,25 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.security_context` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.security_context` Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN Note that this field cannot be set when spec.os.name is windows. -- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--capabilities)) +- `capabilities` (Attributes) The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. Note that this field cannot be set when spec.os.name is windows. - `read_only_root_filesystem` (Boolean) Whether this container has a read-only root filesystem. Default is false. Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--seccomp_profile)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--windows_options)) +- `se_linux_options` (Attributes) The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--seccomp_profile)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--windows_options)) - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.capabilities` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.capabilities` Optional: @@ -2289,8 +2289,8 @@ Optional: - `drop` (List of String) Removed capabilities - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.se_linux_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.se_linux_options` Optional: @@ -2300,8 +2300,8 @@ Optional: - `user` (String) User is a SELinux user label that applies to the container. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.seccomp_profile` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.seccomp_profile` Required: @@ -2312,8 +2312,8 @@ Optional: - `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.windows_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.windows_options` Optional: @@ -2324,32 +2324,32 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.startup_probe` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.startup_probe` Optional: -- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--exec)) +- `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--exec)) - `failure_threshold` (Number) Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. -- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--grpc)) -- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--http_get)) +- `grpc` (Attributes) GRPC specifies an action involving a GRPC port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--grpc)) +- `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--http_get)) - `initial_delay_seconds` (Number) Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - `period_seconds` (Number) How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - `success_threshold` (Number) Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. -- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--tcp_socket)) +- `tcp_socket` (Attributes) TCPSocket specifies an action involving a TCP port. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--tcp_socket)) - `termination_grace_period_seconds` (Number) Optional duration in seconds the pod needs to terminate gracefully upon probe failure. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. If this value is nil, the pod's terminationGracePeriodSeconds will be used. Otherwise, this value overrides the value provided by the pod spec. Value must be non-negative integer. The value zero indicates stop immediately via the kill signal (no opportunity to shut down). This is a beta field and requires enabling ProbeTerminationGracePeriod feature gate. Minimum value is 1. spec.terminationGracePeriodSeconds is used if unset. - `timeout_seconds` (Number) Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.exec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.exec` Optional: - `command` (List of String) Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.grpc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.grpc` Required: @@ -2360,8 +2360,8 @@ Optional: - `service` (String) Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). If this is not specified, the default behavior is defined by gRPC. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.http_get` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.http_get` Required: @@ -2370,12 +2370,12 @@ Required: Optional: - `host` (String) Host name to connect to, defaults to the pod IP. You probably want to set 'Host' in httpHeaders instead. -- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--init_containers--working_dir--timeout_seconds--http_headers)) +- `http_headers` (Attributes List) Custom headers to set in the request. HTTP allows repeated headers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--init_containers--working_dir--timeout_seconds--http_headers)) - `path` (String) Path to access on the HTTP server. - `scheme` (String) Scheme to use for connecting to the host. Defaults to HTTP. - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.timeout_seconds.http_headers` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.timeout_seconds.http_headers` Required: @@ -2384,8 +2384,8 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.working_dir.tcp_socket` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.working_dir.tcp_socket` Required: @@ -2397,8 +2397,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.volume_devices` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.volume_devices` Required: @@ -2406,8 +2406,8 @@ Required: - `name` (String) name must match the name of a persistentVolumeClaim in the pod - -### Nested Schema for `spec.actions.workload.target_pod_template.init_containers.volume_mounts` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.init_containers.volume_mounts` Required: @@ -2423,24 +2423,24 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.os` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.os` Required: - `name` (String) Name is the name of the operating system. The currently supported values are linux and windows. Additional value may be defined in future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration Clients should expect to handle additional values and treat unrecognized values in this field as os: null - -### Nested Schema for `spec.actions.workload.target_pod_template.readiness_gates` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.readiness_gates` Required: - `condition_type` (String) ConditionType refers to a condition in the pod's condition list with matching type. - -### Nested Schema for `spec.actions.workload.target_pod_template.resource_claims` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.resource_claims` Required: @@ -2448,10 +2448,10 @@ Required: Optional: -- `source` (Attributes) Source describes where to find the ResourceClaim. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--resource_claims--source)) +- `source` (Attributes) Source describes where to find the ResourceClaim. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--resource_claims--source)) - -### Nested Schema for `spec.actions.workload.target_pod_template.resource_claims.source` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.resource_claims.source` Optional: @@ -2460,16 +2460,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.scheduling_gates` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.scheduling_gates` Required: - `name` (String) Name of the scheduling gate. Each scheduling gate must have a unique name field. - -### Nested Schema for `spec.actions.workload.target_pod_template.security_context` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.security_context` Optional: @@ -2478,14 +2478,14 @@ Optional: - `run_as_group` (Number) The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. - `run_as_non_root` (Boolean) Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - `run_as_user` (Number) The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. -- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--security_context--se_linux_options)) -- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--security_context--seccomp_profile)) +- `se_linux_options` (Attributes) The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--security_context--se_linux_options)) +- `seccomp_profile` (Attributes) The seccomp options to use by the containers in this pod. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--security_context--seccomp_profile)) - `supplemental_groups` (List of String) A list of groups applied to the first process run in each container, in addition to the container's primary GID, the fsGroup (if specified), and group memberships defined in the container image for the uid of the container process. If unspecified, no additional groups are added to any container. Note that group memberships defined in the container image for the uid of the container process are still effective, even if they are not included in this list. Note that this field cannot be set when spec.os.name is windows. -- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--security_context--sysctls)) -- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--security_context--windows_options)) +- `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--security_context--sysctls)) +- `windows_options` (Attributes) The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--security_context--windows_options)) - -### Nested Schema for `spec.actions.workload.target_pod_template.security_context.se_linux_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.security_context.se_linux_options` Optional: @@ -2495,8 +2495,8 @@ Optional: - `user` (String) User is a SELinux user label that applies to the container. - -### Nested Schema for `spec.actions.workload.target_pod_template.security_context.seccomp_profile` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.security_context.seccomp_profile` Required: @@ -2507,8 +2507,8 @@ Optional: - `localhost_profile` (String) localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must be set if type is 'Localhost'. Must NOT be set for any other type. - -### Nested Schema for `spec.actions.workload.target_pod_template.security_context.sysctls` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.security_context.sysctls` Required: @@ -2516,8 +2516,8 @@ Required: - `value` (String) Value of a property to set - -### Nested Schema for `spec.actions.workload.target_pod_template.security_context.windows_options` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.security_context.windows_options` Optional: @@ -2528,8 +2528,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.tolerations` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.tolerations` Optional: @@ -2540,8 +2540,8 @@ Optional: - `value` (String) Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - -### Nested Schema for `spec.actions.workload.target_pod_template.topology_spread_constraints` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.topology_spread_constraints` Required: @@ -2551,22 +2551,22 @@ Required: Optional: -- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--topology_spread_constraints--label_selector)) +- `label_selector` (Attributes) LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. MatchLabelKeys cannot be set when LabelSelector isn't set. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). - `min_domains` (Number) MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. When value is not nil, WhenUnsatisfiable must be DoNotSchedule. For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - -### Nested Schema for `spec.actions.workload.target_pod_template.topology_spread_constraints.label_selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.topology_spread_constraints.label_selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--topology_spread_constraints--node_taints_policy--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--topology_spread_constraints--node_taints_policy--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.topology_spread_constraints.node_taints_policy.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.topology_spread_constraints.node_taints_policy.match_expressions` Required: @@ -2580,8 +2580,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes` Required: @@ -2589,38 +2589,38 @@ Required: Optional: -- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--aws_elastic_block_store)) -- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--azure_disk)) -- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--azure_file)) -- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--cephfs)) -- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--cinder)) -- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--config_map)) -- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--csi)) -- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--downward_api)) -- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--empty_dir)) -- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--ephemeral)) -- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--fc)) -- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--flex_volume)) -- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--flocker)) -- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--gce_persistent_disk)) -- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--git_repo)) -- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--glusterfs)) -- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--host_path)) -- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--iscsi)) -- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--nfs)) -- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--persistent_volume_claim)) -- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--photon_persistent_disk)) -- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--portworx_volume)) -- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--projected)) -- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--quobyte)) -- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--rbd)) -- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--scale_io)) -- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--secret)) -- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--storageos)) -- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume)) - - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.aws_elastic_block_store` +- `aws_elastic_block_store` (Attributes) awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--aws_elastic_block_store)) +- `azure_disk` (Attributes) azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--azure_disk)) +- `azure_file` (Attributes) azureFile represents an Azure File Service mount on the host and bind mount to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--azure_file)) +- `cephfs` (Attributes) cephFS represents a Ceph FS mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--cephfs)) +- `cinder` (Attributes) cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--cinder)) +- `config_map` (Attributes) configMap represents a configMap that should populate this volume (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--config_map)) +- `csi` (Attributes) csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--csi)) +- `downward_api` (Attributes) downwardAPI represents downward API about the pod that should populate this volume (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--downward_api)) +- `empty_dir` (Attributes) emptyDir represents a temporary directory that shares a pod's lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--empty_dir)) +- `ephemeral` (Attributes) ephemeral represents a volume that is handled by a cluster storage driver. The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. A pod can use both types of ephemeral volumes and persistent volumes at the same time. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--ephemeral)) +- `fc` (Attributes) fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--fc)) +- `flex_volume` (Attributes) flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--flex_volume)) +- `flocker` (Attributes) flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--flocker)) +- `gce_persistent_disk` (Attributes) gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--gce_persistent_disk)) +- `git_repo` (Attributes) gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod's container. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--git_repo)) +- `glusterfs` (Attributes) glusterfs represents a Glusterfs mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--glusterfs)) +- `host_path` (Attributes) hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--host_path)) +- `iscsi` (Attributes) iscsi represents an ISCSI Disk resource that is attached to a kubelet's host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--iscsi)) +- `nfs` (Attributes) nfs represents an NFS mount on the host that shares a pod's lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--nfs)) +- `persistent_volume_claim` (Attributes) persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--persistent_volume_claim)) +- `photon_persistent_disk` (Attributes) photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--photon_persistent_disk)) +- `portworx_volume` (Attributes) portworxVolume represents a portworx volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--portworx_volume)) +- `projected` (Attributes) projected items for all in one resources secrets, configmaps, and downward API (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--projected)) +- `quobyte` (Attributes) quobyte represents a Quobyte mount on the host that shares a pod's lifetime (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--quobyte)) +- `rbd` (Attributes) rbd represents a Rados Block Device mount on the host that shares a pod's lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--rbd)) +- `scale_io` (Attributes) scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--scale_io)) +- `secret` (Attributes) secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--secret)) +- `storageos` (Attributes) storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--storageos)) +- `vsphere_volume` (Attributes) vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume)) + + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.aws_elastic_block_store` Required: @@ -2633,8 +2633,8 @@ Optional: - `read_only` (Boolean) readOnly value true will force the readOnly setting in VolumeMounts. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.azure_disk` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.azure_disk` Required: @@ -2649,8 +2649,8 @@ Optional: - `read_only` (Boolean) readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.azure_file` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.azure_file` Required: @@ -2662,8 +2662,8 @@ Optional: - `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.cephfs` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.cephfs` Required: @@ -2674,11 +2674,11 @@ Optional: - `path` (String) path is Optional: Used as the mounted root, rather than the full Ceph tree, default is / - `read_only` (Boolean) readOnly is Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - `secret_file` (String) secretFile is Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it -- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef is Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - `user` (String) user is optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -2686,8 +2686,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.cinder` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.cinder` Required: @@ -2697,10 +2697,10 @@ Optional: - `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md - `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md -- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef is optional: points to a secret object containing parameters used to connect to OpenStack. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -2708,18 +2708,18 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.config_map` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.config_map` Optional: - `default_mode` (Number) defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--items)) +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--items)) - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.items` Required: @@ -2732,8 +2732,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.csi` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.csi` Required: @@ -2742,12 +2742,12 @@ Required: Optional: - `fs_type` (String) fsType to mount. Ex. 'ext4', 'xfs', 'ntfs'. If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. -- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--node_publish_secret_ref)) +- `node_publish_secret_ref` (Attributes) nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--node_publish_secret_ref)) - `read_only` (Boolean) readOnly specifies a read-only configuration for the volume. Defaults to false (read/write). - `volume_attributes` (Map of String) volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.node_publish_secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.node_publish_secret_ref` Optional: @@ -2755,16 +2755,16 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.downward_api` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.downward_api` Optional: - `default_mode` (Number) Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--items)) +- `items` (Attributes List) Items is a list of downward API volume file (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--items)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.items` Required: @@ -2772,12 +2772,12 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--items--resource_field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--items--resource_field_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.items.field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.items.field_ref` Required: @@ -2788,8 +2788,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.items.resource_field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.items.resource_field_ref` Required: @@ -2803,8 +2803,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.empty_dir` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.empty_dir` Optional: @@ -2812,40 +2812,40 @@ Optional: - `size_limit` (String) sizeLimit is the total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.ephemeral` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.ephemeral` Optional: -- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '-' where '' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template)) +- `volume_claim_template` (Attributes) Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be '-' where '' is the name from the 'PodSpec.Volumes' array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. Required, must not be nil. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template` Required: -- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--spec)) +- `spec` (Attributes) The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--spec)) Optional: -- `metadata` (Attributes) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata)) +- `metadata` (Attributes) May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.spec` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.spec` Optional: - `access_modes` (List of String) accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1 -- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--data_source)) -- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--data_source_ref)) -- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--resources)) -- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--selector)) +- `data_source` (Attributes) dataSource field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source. When the AnyVolumeDataSource feature gate is enabled, dataSource contents will be copied to dataSourceRef, and dataSourceRef contents will be copied to dataSource when dataSourceRef.namespace is not specified. If the namespace is specified, then dataSourceRef will not be copied to dataSource. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--data_source)) +- `data_source_ref` (Attributes) dataSourceRef specifies the object from which to populate the volume with data, if a non-empty volume is desired. This may be any object from a non-empty API group (non core object) or a PersistentVolumeClaim object. When this field is specified, volume binding will only succeed if the type of the specified object matches some installed volume populator or dynamic provisioner. This field will replace the functionality of the dataSource field and as such if both fields are non-empty, they must have the same value. For backwards compatibility, when namespace isn't specified in dataSourceRef, both fields (dataSource and dataSourceRef) will be set to the same value automatically if one of them is empty and the other is non-empty. When namespace is specified in dataSourceRef, dataSource isn't set to the same value and must be empty. There are three important differences between dataSource and dataSourceRef: * While dataSource only allows two specific types of objects, dataSourceRef allows any non-core object, as well as PersistentVolumeClaim objects. * While dataSource ignores disallowed values (dropping them), dataSourceRef preserves all values, and generates an error if a disallowed value is specified. * While dataSource only allows local objects, dataSourceRef allows objects in any namespaces. (Beta) Using this field requires the AnyVolumeDataSource feature gate to be enabled. (Alpha) Using the namespace field of dataSourceRef requires the CrossNamespaceVolumeDataSource feature gate to be enabled. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--data_source_ref)) +- `resources` (Attributes) resources represents the minimum resources the volume should have. If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirements that are lower than previous value but must still be higher than capacity recorded in the status field of the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--resources)) +- `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 - `volume_mode` (String) volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.data_source` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.data_source` Required: @@ -2857,8 +2857,8 @@ Optional: - `api_group` (String) APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.data_source_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.data_source_ref` Required: @@ -2871,17 +2871,17 @@ Optional: - `namespace` (String) Namespace is the namespace of resource being referenced Note that when a namespace is specified, a gateway.networking.k8s.io/ReferenceGrant object is required in the referent namespace to allow that namespace's owner to accept the reference. See the ReferenceGrant documentation for details. (Alpha) This field requires the CrossNamespaceVolumeDataSource feature gate to be enabled. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.resources` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.resources` Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--resources--claims)) +- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--resources--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. Requests cannot exceed Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.resources.claims` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.resources.claims` Required: @@ -2889,16 +2889,16 @@ Required: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.selector` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.selector` Optional: -- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--volume_claim_template--metadata--selector--match_expressions)) +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--volume_claim_template--metadata--selector--match_expressions)) - `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata.selector.match_expressions` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata.selector.match_expressions` Required: @@ -2912,8 +2912,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.volume_claim_template.metadata` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.volume_claim_template.metadata` Optional: @@ -2926,8 +2926,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.fc` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.fc` Optional: @@ -2938,8 +2938,8 @@ Optional: - `wwids` (List of String) wwids Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.flex_volume` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.flex_volume` Required: @@ -2950,10 +2950,10 @@ Optional: - `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. The default filesystem depends on FlexVolume script. - `options` (Map of String) options is Optional: this field holds extra command options if any. - `read_only` (Boolean) readOnly is Optional: defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. -- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef is Optional: secretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -2961,8 +2961,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.flocker` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.flocker` Optional: @@ -2970,8 +2970,8 @@ Optional: - `dataset_uuid` (String) datasetUUID is the UUID of the dataset. This is unique identifier of a Flocker dataset - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.gce_persistent_disk` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.gce_persistent_disk` Required: @@ -2984,8 +2984,8 @@ Optional: - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.git_repo` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.git_repo` Required: @@ -2997,8 +2997,8 @@ Optional: - `revision` (String) revision is the commit hash for the specified revision. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.glusterfs` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.glusterfs` Required: @@ -3010,8 +3010,8 @@ Optional: - `read_only` (Boolean) readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.host_path` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.host_path` Required: @@ -3022,8 +3022,8 @@ Optional: - `type` (String) type for HostPath Volume Defaults to '' More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.iscsi` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.iscsi` Required: @@ -3040,10 +3040,10 @@ Optional: - `iscsi_interface` (String) iscsiInterface is the interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - `portals` (List of String) portals is the iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. -- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef is the CHAP Secret for iSCSI target and initiator authentication (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -3051,8 +3051,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.nfs` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.nfs` Required: @@ -3064,8 +3064,8 @@ Optional: - `read_only` (Boolean) readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.persistent_volume_claim` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.persistent_volume_claim` Required: @@ -3076,8 +3076,8 @@ Optional: - `read_only` (Boolean) readOnly Will force the ReadOnly setting in VolumeMounts. Default false. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.photon_persistent_disk` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.photon_persistent_disk` Required: @@ -3088,8 +3088,8 @@ Optional: - `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.portworx_volume` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.portworx_volume` Required: @@ -3101,35 +3101,35 @@ Optional: - `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.projected` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.projected` Optional: - `default_mode` (Number) defaultMode are the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `sources` (Attributes List) sources is the list of volume projections (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources)) +- `sources` (Attributes List) sources is the list of volume projections (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources` Optional: -- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--config_map)) -- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--downward_api)) -- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--secret)) -- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token)) +- `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--config_map)) +- `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--downward_api)) +- `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--secret)) +- `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.config_map` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.config_map` Optional: -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token--items)) +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token--items)) - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional specify whether the ConfigMap or its keys must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token.items` Required: @@ -3142,15 +3142,15 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.downward_api` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.downward_api` Optional: -- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token--items)) +- `items` (Attributes List) Items is a list of DownwardAPIVolume file (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token--items)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token.items` Required: @@ -3158,12 +3158,12 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) +- `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token.items.field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token.items.field_ref` Required: @@ -3174,8 +3174,8 @@ Optional: - `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token.items.resource_field_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token.items.resource_field_ref` Required: @@ -3189,17 +3189,17 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.secret` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.secret` Optional: -- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--sources--service_account_token--items)) +- `items` (Attributes List) items if unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--sources--service_account_token--items)) - `name` (String) Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid? - `optional` (Boolean) optional field specify whether the Secret or its key must be defined - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token.items` Required: @@ -3212,8 +3212,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.sources.service_account_token` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.sources.service_account_token` Required: @@ -3227,8 +3227,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.quobyte` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.quobyte` Required: @@ -3243,8 +3243,8 @@ Optional: - `user` (String) user to map volume access to Defaults to serivceaccount user - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.rbd` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.rbd` Required: @@ -3257,11 +3257,11 @@ Optional: - `keyring` (String) keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - `pool` (String) pool is the rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - `read_only` (Boolean) readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it -- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - `user` (String) user is the rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -3269,13 +3269,13 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.scale_io` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.scale_io` Required: - `gateway` (String) gateway is the host address of the ScaleIO API Gateway. -- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - `system` (String) system is the name of the storage system as configured in ScaleIO. Optional: @@ -3288,8 +3288,8 @@ Optional: - `storage_pool` (String) storagePool is the ScaleIO Storage Pool associated with the protection domain. - `volume_name` (String) volumeName is the name of a volume already created in the ScaleIO system that is associated with this volume source. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -3297,18 +3297,18 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.secret` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.secret` Optional: - `default_mode` (Number) defaultMode is Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. -- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--items)) +- `items` (Attributes List) items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--items)) - `optional` (Boolean) optional field specify whether the Secret or its keys must be defined - `secret_name` (String) secretName is the name of the secret in the pod's namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.items` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.items` Required: @@ -3321,19 +3321,19 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.storageos` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.storageos` Optional: - `fs_type` (String) fsType is the filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. 'ext4', 'xfs', 'ntfs'. Implicitly inferred to be 'ext4' if unspecified. - `read_only` (Boolean) readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. -- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--actions--workload--target_pod_template--volumes--vsphere_volume--secret_ref)) +- `secret_ref` (Attributes) secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. (see [below for nested schema](#nestedatt--spec--actions--workload--pod_info_extractor_name--volumes--vsphere_volume--secret_ref)) - `volume_name` (String) volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - `volume_namespace` (String) volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to 'default' if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume.secret_ref` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume.secret_ref` Optional: @@ -3341,8 +3341,8 @@ Optional: - -### Nested Schema for `spec.actions.workload.target_pod_template.volumes.vsphere_volume` + +### Nested Schema for `spec.actions.workload.pod_info_extractor_name.volumes.vsphere_volume` Required: @@ -3359,12 +3359,12 @@ Optional: - -### Nested Schema for `spec.component_definition_refs` + +### Nested Schema for `spec.component_infos` Required: -- `name` (String) Specifies the name of the ComponentDefinition. +- `component_definition_name` (String) Specifies the name of the ComponentDefinition. Optional: @@ -3380,64 +3380,46 @@ Optional: - `open_apiv3_schema` (Map of String) Defines the schema for parameters using the OpenAPI v3. The supported property types include: - string - number - integer - array: Note that only items of string type are supported. - -### Nested Schema for `spec.pre_conditions` - -Optional: - -- `rule` (Attributes) Specifies the conditions that must be met for the operation to execute. (see [below for nested schema](#nestedatt--spec--pre_conditions--rule)) - - -### Nested Schema for `spec.pre_conditions.rule` - -Required: - -- `expression` (String) Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object. -- `message` (String) Specifies the error or status message reported if the 'expression' does not evaluate to 'true'. - - - - -### Nested Schema for `spec.target_pod_templates` + +### Nested Schema for `spec.pod_info_extractors` Required: -- `name` (String) Specifies the name of the TargetPodTemplate. -- `pod_selector` (Attributes) Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec. (see [below for nested schema](#nestedatt--spec--target_pod_templates--pod_selector)) +- `name` (String) Specifies the name of the PodInfoExtractor. +- `pod_selector` (Attributes) Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--pod_selector)) Optional: -- `vars` (Attributes List) Specifies a list of environment variables to be extracted from a selected Pod, and injected into the containers executing each OpsAction. (see [below for nested schema](#nestedatt--spec--target_pod_templates--vars)) -- `volume_mounts` (Attributes List) Specifies a list of volumes, along with their respective mount points, that are to be extracted from a selected Pod, and mounted onto the containers executing each OpsAction. This allows the containers to access shared or persistent data necessary for the operation. (see [below for nested schema](#nestedatt--spec--target_pod_templates--volume_mounts)) +- `env` (Attributes List) Specifies a list of environment variables to be extracted from a selected Pod, and injected into the containers executing each OpsAction. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--env)) +- `volume_mounts` (Attributes List) Specifies a list of volumes, along with their respective mount points, that are to be extracted from a selected Pod, and mounted onto the containers executing each OpsAction. This allows the containers to access shared or persistent data necessary for the operation. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--volume_mounts)) - -### Nested Schema for `spec.target_pod_templates.pod_selector` + +### Nested Schema for `spec.pod_info_extractors.pod_selector` Optional: -- `availability` (String) Specifies the pod selection criteria based on their availability: - 'Available': Only selects available pods, and terminates the action if none are found. - 'PreferredAvailable': Prioritizes available pods but considers others if none available. - 'None': No availability requirements. +- `multi_pod_selection_policy` (String) Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector). - `role` (String) Specifies the role of the target Pod. -- `selection_policy` (String) Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector). - -### Nested Schema for `spec.target_pod_templates.vars` + +### Nested Schema for `spec.pod_info_extractors.env` Required: - `name` (String) Specifies the name of the environment variable to be injected into Pods executing OpsActions. It must conform to the C_IDENTIFIER format, which includes only alphanumeric characters and underscores, and cannot begin with a digit. -- `value_from` (Attributes) Specifies the source of the environment variable's value. (see [below for nested schema](#nestedatt--spec--target_pod_templates--vars--value_from)) +- `value_from` (Attributes) Specifies the source of the environment variable's value. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--env--value_from)) - -### Nested Schema for `spec.target_pod_templates.vars.value_from` + +### Nested Schema for `spec.pod_info_extractors.env.value_from` Optional: -- `env_ref` (Attributes) Specifies a reference to a specific environment variable within a container. Used to specify the source of the variable, which can be either 'env' or 'envFrom'. (see [below for nested schema](#nestedatt--spec--target_pod_templates--vars--value_from--env_ref)) -- `field_path` (String) Represents the JSONPath expression pointing to the specific data within the JSON structure of the target Pod. It is used to extract precise data locations for operations on the Pod. +- `env_ref` (Attributes) Specifies a reference to a specific environment variable within a container. Used to specify the source of the variable, which can be either 'env' or 'envFrom'. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--env--value_from--env_ref)) +- `field_path` (Attributes) Represents the JSONPath expression pointing to the specific data within the JSON structure of the target Pod. It is used to extract precise data locations for operations on the Pod. (see [below for nested schema](#nestedatt--spec--pod_info_extractors--env--value_from--field_path)) - -### Nested Schema for `spec.target_pod_templates.vars.value_from.env_ref` + +### Nested Schema for `spec.pod_info_extractors.env.value_from.env_ref` Required: @@ -3445,13 +3427,25 @@ Required: Optional: -- `container_name` (String) Specifies the container name in the target Pod. If not specified, the first container will be used by default. +- `target_container_name` (String) Specifies the container name in the target Pod. If not specified, the first container will be used by default. + + + +### Nested Schema for `spec.pod_info_extractors.env.value_from.field_path` + +Required: + +- `field_path` (String) Path of the field to select in the specified API version. + +Optional: + +- `api_version` (String) Version of the schema the FieldPath is written in terms of, defaults to 'v1'. - -### Nested Schema for `spec.target_pod_templates.volume_mounts` + +### Nested Schema for `spec.pod_info_extractors.volume_mounts` Required: @@ -3464,3 +3458,20 @@ Optional: - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - `sub_path` (String) Path within the volume from which the container's volume should be mounted. Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to '' (volume's root). SubPathExpr and SubPath are mutually exclusive. + + + + +### Nested Schema for `spec.pre_conditions` + +Optional: + +- `rule` (Attributes) Specifies the conditions that must be met for the operation to execute. (see [below for nested schema](#nestedatt--spec--pre_conditions--rule)) + + +### Nested Schema for `spec.pre_conditions.rule` + +Required: + +- `expression` (String) Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object. +- `message` (String) Specifies the error or status message reported if the 'expression' does not evaluate to 'true'. diff --git a/docs/data-sources/apps_kubeblocks_io_ops_request_v1alpha1_manifest.md b/docs/data-sources/apps_kubeblocks_io_ops_request_v1alpha1_manifest.md index d6164055a..b7f9084fe 100644 --- a/docs/data-sources/apps_kubeblocks_io_ops_request_v1alpha1_manifest.md +++ b/docs/data-sources/apps_kubeblocks_io_ops_request_v1alpha1_manifest.md @@ -55,31 +55,46 @@ Optional: Required: -- `cluster_ref` (String) Specifies the name of the Cluster resource that this operation is targeting. - `type` (String) Specifies the type of this operation. Supported types include 'Start', 'Stop', 'Restart', 'Switchover', 'VerticalScaling', 'HorizontalScaling', 'VolumeExpansion', 'Reconfiguring', 'Upgrade', 'Backup', 'Restore', 'Expose', 'DataScript', 'RebuildInstance', 'Custom'. Note: This field is immutable once set. Optional: -- `backup_spec` (Attributes) Specifies the parameters to backup a Cluster. (see [below for nested schema](#nestedatt--spec--backup_spec)) +- `backup` (Attributes) Specifies the parameters to backup a Cluster. (see [below for nested schema](#nestedatt--spec--backup)) +- `backup_spec` (Attributes) Deprecated: since v0.9, use backup instead. Specifies the parameters to backup a Cluster. (see [below for nested schema](#nestedatt--spec--backup_spec)) - `cancel` (Boolean) Indicates whether the current operation should be canceled and terminated gracefully if it's in the 'Pending', 'Creating', or 'Running' state. This field applies only to 'VerticalScaling' and 'HorizontalScaling' opsRequests. Note: Setting 'cancel' to true is irreversible; further modifications to this field are ineffective. -- `custom_spec` (Attributes) Specifies a custom operation defined by OpsDefinition. (see [below for nested schema](#nestedatt--spec--custom_spec)) +- `cluster_name` (String) Specifies the name of the Cluster resource that this operation is targeting. +- `cluster_ref` (String) Deprecated: since v0.9, use clusterName instead. Specifies the name of the Cluster resource that this operation is targeting. +- `custom` (Attributes) Specifies a custom operation defined by OpsDefinition. (see [below for nested schema](#nestedatt--spec--custom)) - `expose` (Attributes List) Lists Expose objects, each specifying a Component and its services to be exposed. (see [below for nested schema](#nestedatt--spec--expose)) - `force` (Boolean) Instructs the system to bypass pre-checks (including cluster state checks and customized pre-conditions hooks) and immediately execute the opsRequest, except for the opsRequest of 'Start' type, which will still undergo pre-checks even if 'force' is true. This is useful for concurrent execution of 'VerticalScaling' and 'HorizontalScaling' opsRequests. By setting 'force' to true, you can bypass the default checks and demand these opsRequests to run simultaneously. Note: Once set, the 'force' field is immutable and cannot be updated. - `horizontal_scaling` (Attributes List) Lists HorizontalScaling objects, each specifying scaling requirements for a Component, including desired total replica counts, configurations for new instances, modifications for existing instances, and instance downscaling options. (see [below for nested schema](#nestedatt--spec--horizontal_scaling)) +- `pre_condition_deadline_seconds` (Number) Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed. - `rebuild_from` (Attributes List) Specifies the parameters to rebuild some instances. Rebuilding an instance involves restoring its data from a backup or another database replica. The instances being rebuilt usually serve as standby in the cluster. Hence rebuilding instances is often also referred to as 'standby reconstruction'. (see [below for nested schema](#nestedatt--spec--rebuild_from)) - `reconfigure` (Attributes) Specifies a component and its configuration updates. This field is deprecated and replaced by 'reconfigures'. (see [below for nested schema](#nestedatt--spec--reconfigure)) - `reconfigures` (Attributes List) Lists Reconfigure objects, each specifying a Component and its configuration updates. (see [below for nested schema](#nestedatt--spec--reconfigures)) - `restart` (Attributes List) Lists Components to be restarted. (see [below for nested schema](#nestedatt--spec--restart)) -- `restore_from` (Attributes) Cluster RestoreFrom backup or point in time. (see [below for nested schema](#nestedatt--spec--restore_from)) -- `restore_spec` (Attributes) Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services. (see [below for nested schema](#nestedatt--spec--restore_spec)) +- `restore` (Attributes) Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services. (see [below for nested schema](#nestedatt--spec--restore)) +- `restore_spec` (Attributes) Deprecated: since v0.9, use restore instead. Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services. (see [below for nested schema](#nestedatt--spec--restore_spec)) - `script_spec` (Attributes) Specifies the image and scripts for executing engine-specific operations such as creating databases or users. It supports limited engines including MySQL, PostgreSQL, Redis, MongoDB. ScriptSpec has been replaced by the more versatile OpsDefinition. It is recommended to use OpsDefinition instead. ScriptSpec is deprecated and will be removed in a future version. (see [below for nested schema](#nestedatt--spec--script_spec)) - `switchover` (Attributes List) Lists Switchover objects, each specifying a Component to perform the switchover operation. (see [below for nested schema](#nestedatt--spec--switchover)) - `ttl_seconds_after_succeed` (Number) Specifies the duration in seconds that an OpsRequest will remain in the system after successfully completing (when 'opsRequest.status.phase' is 'Succeed') before automatic deletion. -- `ttl_seconds_before_abort` (Number) Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed. - `upgrade` (Attributes) Specifies the desired new version of the Cluster. Note: This field is immutable once set. (see [below for nested schema](#nestedatt--spec--upgrade)) - `vertical_scaling` (List of Map of String) Lists VerticalScaling objects, each specifying a component and its desired compute resources for vertical scaling. - `volume_expansion` (Attributes List) Lists VolumeExpansion objects, each specifying a component and its corresponding volumeClaimTemplates that requires storage expansion. (see [below for nested schema](#nestedatt--spec--volume_expansion)) + +### Nested Schema for `spec.backup` + +Optional: + +- `backup_method` (String) Specifies the name of BackupMethod. The specified BackupMethod must be defined in the BackupPolicy. +- `backup_name` (String) Specifies the name of the Backup custom resource. +- `backup_policy_name` (String) Indicates the name of the BackupPolicy applied to perform this Backup. +- `deletion_policy` (String) Determines whether the backup contents stored in backup repository should be deleted when the Backup custom resource is deleted. Supported values are 'Retain' and 'Delete'. - 'Retain' means that the backup content and its physical snapshot on backup repository are kept. - 'Delete' means that the backup content and its physical snapshot on backup repository are deleted. +- `parent_backup_name` (String) If the specified BackupMethod is incremental, 'parentBackupName' is required. +- `retention_period` (String) Determines the duration for which the Backup custom resources should be retained. The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. For example, RetentionPeriod of '30d' will keep only the Backup objects of last 30 days. Sample duration format: - years: 2y - months: 6mo - days: 30d - hours: 12h - minutes: 30m You can also combine the above durations. For example: 30d12h30m. If not set, the Backup objects will be kept forever. If the 'deletionPolicy' is set to 'Delete', then the associated backup data will also be deleted along with the Backup object. Otherwise, only the Backup custom resource will be deleted. + + ### Nested Schema for `spec.backup_spec` @@ -93,21 +108,21 @@ Optional: - `retention_period` (String) Determines the duration for which the Backup custom resources should be retained. The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. For example, RetentionPeriod of '30d' will keep only the Backup objects of last 30 days. Sample duration format: - years: 2y - months: 6mo - days: 30d - hours: 12h - minutes: 30m You can also combine the above durations. For example: 30d12h30m. If not set, the Backup objects will be kept forever. If the 'deletionPolicy' is set to 'Delete', then the associated backup data will also be deleted along with the Backup object. Otherwise, only the Backup custom resource will be deleted. - -### Nested Schema for `spec.custom_spec` + +### Nested Schema for `spec.custom` Required: -- `components` (Attributes List) Specifies the components and their parameters for executing custom actions as defined in OpsDefinition. Requires at least one component. (see [below for nested schema](#nestedatt--spec--custom_spec--components)) -- `ops_definition_ref` (String) Specifies the name of the OpsDefinition. +- `components` (Attributes List) Specifies the components and their parameters for executing custom actions as defined in OpsDefinition. Requires at least one component. (see [below for nested schema](#nestedatt--spec--custom--components)) +- `ops_definition_name` (String) Specifies the name of the OpsDefinition. Optional: -- `parallelism` (String) Specifies the maximum number of components to be operated on concurrently to mitigate performance impact on clusters with multiple components. It accepts an absolute number (e.g., 5) or a percentage of components to execute in parallel (e.g., '10%'). Percentages are rounded up to the nearest whole number of components. For example, if '10%' results in less than one, it rounds up to 1. When unspecified, all components are processed simultaneously by default. Note: This feature is not implemented yet. +- `max_concurrent_components` (String) Specifies the maximum number of components to be operated on concurrently to mitigate performance impact on clusters with multiple components. It accepts an absolute number (e.g., 5) or a percentage of components to execute in parallel (e.g., '10%'). Percentages are rounded up to the nearest whole number of components. For example, if '10%' results in less than one, it rounds up to 1. When unspecified, all components are processed simultaneously by default. Note: This feature is not implemented yet. - `service_account_name` (String) Specifies the name of the ServiceAccount to be used for executing the custom operation. - -### Nested Schema for `spec.custom_spec.components` + +### Nested Schema for `spec.custom.components` Required: @@ -115,10 +130,10 @@ Required: Optional: -- `parameters` (Attributes List) Specifies the parameters that match the schema specified in the 'opsDefinition.spec.parametersSchema'. (see [below for nested schema](#nestedatt--spec--custom_spec--components--parameters)) +- `parameters` (Attributes List) Specifies the parameters that match the schema specified in the 'opsDefinition.spec.parametersSchema'. (see [below for nested schema](#nestedatt--spec--custom--components--parameters)) - -### Nested Schema for `spec.custom_spec.components.parameters` + +### Nested Schema for `spec.custom.components.parameters` Required: @@ -152,9 +167,9 @@ Optional: - `annotations` (Map of String) Contains cloud provider related parameters if ServiceType is LoadBalancer. More info: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer. - `ip_families` (List of String) A list of IP families (e.g., IPv4, IPv6) assigned to this Service. Usually assigned automatically based on the cluster configuration and the 'ipFamilyPolicy' field. If specified manually, the requested IP family must be available in the cluster and allowed by the 'ipFamilyPolicy'. If the requested IP family is not available or not allowed, the Service creation will fail. Valid values: - 'IPv4' - 'IPv6' This field may hold a maximum of two entries (dual-stack families, in either order). Common combinations of 'ipFamilies' and 'ipFamilyPolicy' are: - ipFamilies=[] + ipFamilyPolicy='PreferDualStack' : The Service prefers dual-stack but can fall back to single-stack if the cluster does not support dual-stack. The IP family is automatically assigned based on the cluster configuration. - ipFamilies=['IPV4','IPV6'] + ipFamilyPolicy='RequiredDualStack' : The Service requires dual-stack and will only be created if the cluster supports both IPv4 and IPv6. The primary IP family is IPV4. - ipFamilies=['IPV6','IPV4'] + ipFamilyPolicy='RequiredDualStack' : The Service requires dual-stack and will only be created if the cluster supports both IPv4 and IPv6. The primary IP family is IPV6. - ipFamilies=['IPV4'] + ipFamilyPolicy='SingleStack' : The Service uses a single-stack with IPv4 only. - ipFamilies=['IPV6'] + ipFamilyPolicy='SingleStack' : The Service uses a single-stack with IPv6 only. - `ip_family_policy` (String) Specifies whether the Service should use a single IP family (SingleStack) or two IP families (DualStack). Possible values: - 'SingleStack' (default) : The Service uses a single IP family. If no value is provided, IPFamilyPolicy defaults to SingleStack. - 'PreferDualStack' : The Service prefers to use two IP families on dual-stack configured clusters or a single IP family on single-stack clusters. - 'RequiredDualStack' : The Service requires two IP families on dual-stack configured clusters. If the cluster is not configured for dual-stack, the Service creation fails. +- `pod_selector` (Map of String) Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected. - `ports` (Attributes List) Specifies Port definitions that are to be exposed by a ClusterService. If not specified, the Port definitions from non-NodePort and non-LoadBalancer type ComponentService defined in the ComponentDefinition ('componentDefinition.spec.services') will be used. If no matching ComponentService is found, the expose operation will fail. More info: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports (see [below for nested schema](#nestedatt--spec--expose--services--ports)) - `role_selector` (String) Specifies a role to target with the service. If specified, the service will only be exposed to pods with the matching role. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected. -- `selector` (Map of String) Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected. - `service_type` (String) Determines how the Service is exposed. Defaults to 'ClusterIP'. Valid options are 'ClusterIP', 'NodePort', and 'LoadBalancer'. - 'ClusterIP': allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. - 'NodePort': builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - 'LoadBalancer': builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for the expose operation. For more info, see: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types. @@ -1161,7 +1176,7 @@ Required: Optional: - `backup_name` (String) Indicates the name of the Backup custom resource from which to recover the instance. Defaults to an empty PersistentVolume if unspecified. Note: - Only full physical backups are supported for multi-replica Components (e.g., 'xtrabackup' for MySQL). - Logical backups (e.g., 'mysqldump' for MySQL) are unsupported in the current version. -- `env_for_restore` (Map of String) Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process. +- `restore_env` (Map of String) Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process. ### Nested Schema for `spec.rebuild_from.instances` @@ -1278,48 +1293,18 @@ Required: - `component_name` (String) Specifies the name of the Component. - -### Nested Schema for `spec.restore_from` - -Optional: - -- `backup` (Attributes List) Refers to the backup name and component name used for restoration. Supports recovery of multiple Components. (see [below for nested schema](#nestedatt--spec--restore_from--backup)) -- `point_in_time` (Attributes) Refers to the specific point in time for recovery. (see [below for nested schema](#nestedatt--spec--restore_from--point_in_time)) - - -### Nested Schema for `spec.restore_from.backup` - -Optional: - -- `ref` (Attributes) Refers to a reference backup that needs to be restored. (see [below for nested schema](#nestedatt--spec--restore_from--backup--ref)) - - -### Nested Schema for `spec.restore_from.backup.ref` - -Optional: - -- `name` (String) Refers to the specific name of the resource. -- `namespace` (String) Refers to the specific namespace of the resource. - - + +### Nested Schema for `spec.restore` - -### Nested Schema for `spec.restore_from.point_in_time` - -Optional: - -- `ref` (Attributes) Refers to a reference source cluster that needs to be restored. (see [below for nested schema](#nestedatt--spec--restore_from--point_in_time--ref)) -- `time` (String) Refers to the specific time point for restoration, with UTC as the time zone. +Required: - -### Nested Schema for `spec.restore_from.point_in_time.ref` +- `backup_name` (String) Specifies the name of the Backup custom resource. Optional: -- `name` (String) Refers to the specific name of the resource. -- `namespace` (String) Refers to the specific namespace of the resource. - - +- `defer_post_ready_until_cluster_running` (Boolean) Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions. +- `restore_point_in_time` (String) Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800' +- `volume_restore_policy` (String) Specifies the policy for restoring volume claims of a Component's Pods. It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). Support values: - 'Serial' - 'Parallel' @@ -1331,8 +1316,8 @@ Required: Optional: -- `do_ready_restore_after_cluster_running` (Boolean) Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions. -- `restore_time_str` (String) Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800' +- `defer_post_ready_until_cluster_running` (Boolean) Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions. +- `restore_point_in_time` (String) Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800' - `volume_restore_policy` (String) Specifies the policy for restoring volume claims of a Component's Pods. It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). Support values: - 'Serial' - 'Parallel' @@ -1449,7 +1434,7 @@ Required: Optional: -- `instances` (Attributes List) Specifies the instance template that need to volume expand. (see [below for nested schema](#nestedatt--spec--volume_expansion--instances)) +- `instances` (Attributes List) Specifies the desired storage size of the instance template that need to volume expand. (see [below for nested schema](#nestedatt--spec--volume_expansion--instances)) ### Nested Schema for `spec.volume_expansion.volume_claim_templates` diff --git a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md index c669cb2bd..4f01e198f 100644 --- a/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md +++ b/docs/data-sources/asdb_aerospike_com_aerospike_cluster_v1_manifest.md @@ -68,6 +68,7 @@ Optional: - `aerospike_access_control` (Attributes) Has the Aerospike roles and users definitions. Required if aerospike cluster security is enabled. (see [below for nested schema](#nestedatt--spec--aerospike_access_control)) - `aerospike_network_policy` (Attributes) AerospikeNetworkPolicy specifies how clients and tools access the Aerospike cluster. (see [below for nested schema](#nestedatt--spec--aerospike_network_policy)) +- `disable_pdb` (Boolean) Disable the PodDisruptionBudget creation for the Aerospike cluster. - `enable_dynamic_config_update` (Boolean) EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart. - `k8s_node_block_list` (List of String) K8sNodeBlockList is a list of Kubernetes nodes which are not used for Aerospike pods. Pods are not scheduled on these nodes. Pods are migrated from these nodes if already present. This is useful for the maintenance of Kubernetes nodes. - `max_unavailable` (String) MaxUnavailable is the percentage/number of pods that can be allowed to go down or unavailable before application disruption. This value is used to create PodDisruptionBudget. Defaults to 1. Refer Aerospike documentation for more details. diff --git a/docs/data-sources/beat_k8s_elastic_co_beat_v1beta1_manifest.md b/docs/data-sources/beat_k8s_elastic_co_beat_v1beta1_manifest.md index 814972f16..91937e0a6 100644 --- a/docs/data-sources/beat_k8s_elastic_co_beat_v1beta1_manifest.md +++ b/docs/data-sources/beat_k8s_elastic_co_beat_v1beta1_manifest.md @@ -124,7 +124,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -134,7 +134,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -144,9 +144,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -621,6 +621,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -632,6 +633,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.containers.working_dir.capabilities` @@ -768,8 +781,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -906,8 +920,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -967,8 +981,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1044,8 +1058,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1105,8 +1119,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1642,6 +1656,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1653,6 +1668,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -1789,8 +1816,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2278,6 +2306,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2289,6 +2318,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.init_containers.working_dir.capabilities` @@ -2425,8 +2466,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2482,6 +2524,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2493,6 +2536,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.daemon_set.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.daemon_set.pod_template.spec.security_context.se_linux_options` @@ -2562,7 +2617,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2781,7 +2836,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -2850,7 +2905,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3197,7 +3252,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--daemon_set--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -3461,7 +3516,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -3471,7 +3526,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -3481,9 +3536,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -3958,6 +4013,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -3969,6 +4025,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.containers.working_dir.capabilities` @@ -4105,8 +4173,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -4243,8 +4312,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4304,8 +4373,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4381,8 +4450,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4442,8 +4511,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4979,6 +5048,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -4990,6 +5060,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -5126,8 +5208,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -5615,6 +5698,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -5626,6 +5710,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.init_containers.working_dir.capabilities` @@ -5762,8 +5858,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -5819,6 +5916,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -5830,6 +5928,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.deployment.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.deployment.pod_template.spec.security_context.se_linux_options` @@ -5899,7 +6009,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -6118,7 +6228,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -6187,7 +6297,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -6534,7 +6644,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--deployment--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md index 8ce046aae..d6329d1ae 100644 --- a/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_platform_v1_manifest.md @@ -322,6 +322,7 @@ Optional: - `quarkus` (Attributes) The configuration of Quarkus trait (see [below for nested schema](#nestedatt--spec--traits--quarkus)) - `registry` (Attributes) The configuration of Registry trait Deprecated: use jvm trait or read documentation. (see [below for nested schema](#nestedatt--spec--traits--registry)) - `route` (Attributes) The configuration of Route trait (see [below for nested schema](#nestedatt--spec--traits--route)) +- `security_context` (Attributes) The configuration of Security Context trait (see [below for nested schema](#nestedatt--spec--traits--security_context)) - `service` (Attributes) The configuration of Service trait (see [below for nested schema](#nestedatt--spec--traits--service)) - `service_binding` (Attributes) The configuration of Service Binding trait (see [below for nested schema](#nestedatt--spec--traits--service_binding)) - `strimzi` (Attributes) Deprecated: for backward compatibility. (see [below for nested schema](#nestedatt--spec--traits--strimzi)) @@ -388,7 +389,10 @@ Optional: Optional: +- `allow_privilege_escalation` (Boolean) Security Context AllowPrivilegeEscalation configuration (default false). - `auto` (Boolean) To automatically enable the trait +- `capabilities_add` (List of String) Security Context Capabilities Add configuration (default none). +- `capabilities_drop` (List of String) Security Context Capabilities Drop configuration (default ALL). - `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `expose` (Boolean) Can be used to enable/disable exposure via kubernetes Service. @@ -401,6 +405,9 @@ Optional: - `port_name` (String) To configure a different port name for the port exposed by the container. It defaults to 'http' only when the 'expose' parameter is true. - `request_cpu` (String) The minimum amount of CPU required. - `request_memory` (String) The minimum amount of memory required. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). - `service_port` (Number) To configure under which service port the container port is to be exposed (default '80'). - `service_port_name` (String) To configure under which service port name the container port is to be exposed (default 'http'). @@ -790,6 +797,18 @@ Optional: - `tls_termination` (String) The TLS termination type, like 'edge', 'passthrough' or 'reencrypt'. Refer to the OpenShift route documentation for additional information. + +### Nested Schema for `spec.traits.security_context` + +Optional: + +- `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. +- `enabled` (Boolean) Deprecated: no longer in use. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). + + ### Nested Schema for `spec.traits.service` diff --git a/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md index c1ca5bc4b..1b46d6874 100644 --- a/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_profile_v1_manifest.md @@ -287,6 +287,7 @@ Optional: - `quarkus` (Attributes) The configuration of Quarkus trait (see [below for nested schema](#nestedatt--spec--traits--quarkus)) - `registry` (Attributes) The configuration of Registry trait Deprecated: use jvm trait or read documentation. (see [below for nested schema](#nestedatt--spec--traits--registry)) - `route` (Attributes) The configuration of Route trait (see [below for nested schema](#nestedatt--spec--traits--route)) +- `security_context` (Attributes) The configuration of Security Context trait (see [below for nested schema](#nestedatt--spec--traits--security_context)) - `service` (Attributes) The configuration of Service trait (see [below for nested schema](#nestedatt--spec--traits--service)) - `service_binding` (Attributes) The configuration of Service Binding trait (see [below for nested schema](#nestedatt--spec--traits--service_binding)) - `strimzi` (Attributes) Deprecated: for backward compatibility. (see [below for nested schema](#nestedatt--spec--traits--strimzi)) @@ -353,7 +354,10 @@ Optional: Optional: +- `allow_privilege_escalation` (Boolean) Security Context AllowPrivilegeEscalation configuration (default false). - `auto` (Boolean) To automatically enable the trait +- `capabilities_add` (List of String) Security Context Capabilities Add configuration (default none). +- `capabilities_drop` (List of String) Security Context Capabilities Drop configuration (default ALL). - `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `expose` (Boolean) Can be used to enable/disable exposure via kubernetes Service. @@ -366,6 +370,9 @@ Optional: - `port_name` (String) To configure a different port name for the port exposed by the container. It defaults to 'http' only when the 'expose' parameter is true. - `request_cpu` (String) The minimum amount of CPU required. - `request_memory` (String) The minimum amount of memory required. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). - `service_port` (Number) To configure under which service port the container port is to be exposed (default '80'). - `service_port_name` (String) To configure under which service port name the container port is to be exposed (default 'http'). @@ -755,6 +762,18 @@ Optional: - `tls_termination` (String) The TLS termination type, like 'edge', 'passthrough' or 'reencrypt'. Refer to the OpenShift route documentation for additional information. + +### Nested Schema for `spec.traits.security_context` + +Optional: + +- `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. +- `enabled` (Boolean) Deprecated: no longer in use. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). + + ### Nested Schema for `spec.traits.service` diff --git a/docs/data-sources/camel_apache_org_integration_v1_manifest.md b/docs/data-sources/camel_apache_org_integration_v1_manifest.md index f5afcf4bf..c788b71ac 100644 --- a/docs/data-sources/camel_apache_org_integration_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_integration_v1_manifest.md @@ -2847,6 +2847,7 @@ Optional: - `quarkus` (Attributes) The configuration of Quarkus trait (see [below for nested schema](#nestedatt--spec--traits--quarkus)) - `registry` (Attributes) The configuration of Registry trait Deprecated: use jvm trait or read documentation. (see [below for nested schema](#nestedatt--spec--traits--registry)) - `route` (Attributes) The configuration of Route trait (see [below for nested schema](#nestedatt--spec--traits--route)) +- `security_context` (Attributes) The configuration of Security Context trait (see [below for nested schema](#nestedatt--spec--traits--security_context)) - `service` (Attributes) The configuration of Service trait (see [below for nested schema](#nestedatt--spec--traits--service)) - `service_binding` (Attributes) The configuration of Service Binding trait (see [below for nested schema](#nestedatt--spec--traits--service_binding)) - `strimzi` (Attributes) Deprecated: for backward compatibility. (see [below for nested schema](#nestedatt--spec--traits--strimzi)) @@ -2913,7 +2914,10 @@ Optional: Optional: +- `allow_privilege_escalation` (Boolean) Security Context AllowPrivilegeEscalation configuration (default false). - `auto` (Boolean) To automatically enable the trait +- `capabilities_add` (List of String) Security Context Capabilities Add configuration (default none). +- `capabilities_drop` (List of String) Security Context Capabilities Drop configuration (default ALL). - `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `expose` (Boolean) Can be used to enable/disable exposure via kubernetes Service. @@ -2926,6 +2930,9 @@ Optional: - `port_name` (String) To configure a different port name for the port exposed by the container. It defaults to 'http' only when the 'expose' parameter is true. - `request_cpu` (String) The minimum amount of CPU required. - `request_memory` (String) The minimum amount of memory required. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). - `service_port` (Number) To configure under which service port the container port is to be exposed (default '80'). - `service_port_name` (String) To configure under which service port name the container port is to be exposed (default 'http'). @@ -3315,6 +3322,18 @@ Optional: - `tls_termination` (String) The TLS termination type, like 'edge', 'passthrough' or 'reencrypt'. Refer to the OpenShift route documentation for additional information. + +### Nested Schema for `spec.traits.security_context` + +Optional: + +- `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. +- `enabled` (Boolean) Deprecated: no longer in use. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). + + ### Nested Schema for `spec.traits.service` diff --git a/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md b/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md index d8c313c04..7bf6031f9 100644 --- a/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md +++ b/docs/data-sources/camel_apache_org_kamelet_binding_v1alpha1_manifest.md @@ -2860,6 +2860,7 @@ Optional: - `quarkus` (Attributes) The configuration of Quarkus trait (see [below for nested schema](#nestedatt--spec--integration--traits--quarkus)) - `registry` (Attributes) The configuration of Registry trait Deprecated: use jvm trait or read documentation. (see [below for nested schema](#nestedatt--spec--integration--traits--registry)) - `route` (Attributes) The configuration of Route trait (see [below for nested schema](#nestedatt--spec--integration--traits--route)) +- `security_context` (Attributes) The configuration of Security Context trait (see [below for nested schema](#nestedatt--spec--integration--traits--security_context)) - `service` (Attributes) The configuration of Service trait (see [below for nested schema](#nestedatt--spec--integration--traits--service)) - `service_binding` (Attributes) The configuration of Service Binding trait (see [below for nested schema](#nestedatt--spec--integration--traits--service_binding)) - `strimzi` (Attributes) Deprecated: for backward compatibility. (see [below for nested schema](#nestedatt--spec--integration--traits--strimzi)) @@ -2926,7 +2927,10 @@ Optional: Optional: +- `allow_privilege_escalation` (Boolean) Security Context AllowPrivilegeEscalation configuration (default false). - `auto` (Boolean) To automatically enable the trait +- `capabilities_add` (List of String) Security Context Capabilities Add configuration (default none). +- `capabilities_drop` (List of String) Security Context Capabilities Drop configuration (default ALL). - `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `expose` (Boolean) Can be used to enable/disable exposure via kubernetes Service. @@ -2939,6 +2943,9 @@ Optional: - `port_name` (String) To configure a different port name for the port exposed by the container. It defaults to 'http' only when the 'expose' parameter is true. - `request_cpu` (String) The minimum amount of CPU required. - `request_memory` (String) The minimum amount of memory required. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). - `service_port` (Number) To configure under which service port the container port is to be exposed (default '80'). - `service_port_name` (String) To configure under which service port name the container port is to be exposed (default 'http'). @@ -3328,6 +3335,18 @@ Optional: - `tls_termination` (String) The TLS termination type, like 'edge', 'passthrough' or 'reencrypt'. Refer to the OpenShift route documentation for additional information. + +### Nested Schema for `spec.integration.traits.security_context` + +Optional: + +- `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. +- `enabled` (Boolean) Deprecated: no longer in use. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). + + ### Nested Schema for `spec.integration.traits.service` diff --git a/docs/data-sources/camel_apache_org_pipe_v1_manifest.md b/docs/data-sources/camel_apache_org_pipe_v1_manifest.md index 108c9fd70..240533626 100644 --- a/docs/data-sources/camel_apache_org_pipe_v1_manifest.md +++ b/docs/data-sources/camel_apache_org_pipe_v1_manifest.md @@ -2860,6 +2860,7 @@ Optional: - `quarkus` (Attributes) The configuration of Quarkus trait (see [below for nested schema](#nestedatt--spec--integration--traits--quarkus)) - `registry` (Attributes) The configuration of Registry trait Deprecated: use jvm trait or read documentation. (see [below for nested schema](#nestedatt--spec--integration--traits--registry)) - `route` (Attributes) The configuration of Route trait (see [below for nested schema](#nestedatt--spec--integration--traits--route)) +- `security_context` (Attributes) The configuration of Security Context trait (see [below for nested schema](#nestedatt--spec--integration--traits--security_context)) - `service` (Attributes) The configuration of Service trait (see [below for nested schema](#nestedatt--spec--integration--traits--service)) - `service_binding` (Attributes) The configuration of Service Binding trait (see [below for nested schema](#nestedatt--spec--integration--traits--service_binding)) - `strimzi` (Attributes) Deprecated: for backward compatibility. (see [below for nested schema](#nestedatt--spec--integration--traits--strimzi)) @@ -2926,7 +2927,10 @@ Optional: Optional: +- `allow_privilege_escalation` (Boolean) Security Context AllowPrivilegeEscalation configuration (default false). - `auto` (Boolean) To automatically enable the trait +- `capabilities_add` (List of String) Security Context Capabilities Add configuration (default none). +- `capabilities_drop` (List of String) Security Context Capabilities Drop configuration (default ALL). - `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. - `enabled` (Boolean) Deprecated: no longer in use. - `expose` (Boolean) Can be used to enable/disable exposure via kubernetes Service. @@ -2939,6 +2943,9 @@ Optional: - `port_name` (String) To configure a different port name for the port exposed by the container. It defaults to 'http' only when the 'expose' parameter is true. - `request_cpu` (String) The minimum amount of CPU required. - `request_memory` (String) The minimum amount of memory required. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). - `service_port` (Number) To configure under which service port the container port is to be exposed (default '80'). - `service_port_name` (String) To configure under which service port name the container port is to be exposed (default 'http'). @@ -3328,6 +3335,18 @@ Optional: - `tls_termination` (String) The TLS termination type, like 'edge', 'passthrough' or 'reencrypt'. Refer to the OpenShift route documentation for additional information. + +### Nested Schema for `spec.integration.traits.security_context` + +Optional: + +- `configuration` (Map of String) Legacy trait configuration parameters. Deprecated: for backward compatibility. +- `enabled` (Boolean) Deprecated: no longer in use. +- `run_as_non_root` (Boolean) Security Context RunAsNonRoot configuration (default false). +- `run_as_user` (Number) Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set. +- `seccomp_profile_type` (String) Security Context SeccompProfileType configuration (default RuntimeDefault). + + ### Nested Schema for `spec.integration.traits.service` diff --git a/docs/data-sources/capsule_clastix_io_capsule_configuration_v1beta2_manifest.md b/docs/data-sources/capsule_clastix_io_capsule_configuration_v1beta2_manifest.md index 69ca5a1b7..e2bd2e784 100644 --- a/docs/data-sources/capsule_clastix_io_capsule_configuration_v1beta2_manifest.md +++ b/docs/data-sources/capsule_clastix_io_capsule_configuration_v1beta2_manifest.md @@ -54,13 +54,13 @@ Optional: Required: -- `enable_tls_reconciler` (Boolean) Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhooks when not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager. +- `enable_tls_reconciler` (Boolean) Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhookswhen not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager. Optional: -- `force_tenant_prefix` (Boolean) Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment. -- `node_metadata` (Attributes) Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant. This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes. (see [below for nested schema](#nestedatt--spec--node_metadata)) -- `overrides` (Attributes) Allows to set different name rather than the canonical one for the Capsule configuration objects, such as webhook secret or configurations. (see [below for nested schema](#nestedatt--spec--overrides)) +- `force_tenant_prefix` (Boolean) Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix,separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment. +- `node_metadata` (Attributes) Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant.This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes. (see [below for nested schema](#nestedatt--spec--node_metadata)) +- `overrides` (Attributes) Allows to set different name rather than the canonical one for the Capsule configuration objects,such as webhook secret or configurations. (see [below for nested schema](#nestedatt--spec--overrides)) - `protected_namespace_regex` (String) Disallow creation of namespaces, whose name matches this regexp - `user_groups` (List of String) Names of the groups for Capsule users. @@ -97,5 +97,5 @@ Optional: Required: - `mutating_webhook_configuration_name` (String) Name of the MutatingWebhookConfiguration which contains the dynamic admission controller paths and resources. -- `tls_secret_name` (String) Defines the Secret name used for the webhook server. Must be in the same Namespace where the Capsule Deployment is deployed. +- `tls_secret_name` (String) Defines the Secret name used for the webhook server.Must be in the same Namespace where the Capsule Deployment is deployed. - `validating_webhook_configuration_name` (String) Name of the ValidatingWebhookConfiguration which contains the dynamic admission controller paths and resources. diff --git a/docs/data-sources/capsule_clastix_io_tenant_v1beta1_manifest.md b/docs/data-sources/capsule_clastix_io_tenant_v1beta1_manifest.md index 5b342c9be..c1d9033a0 100644 --- a/docs/data-sources/capsule_clastix_io_tenant_v1beta1_manifest.md +++ b/docs/data-sources/capsule_clastix_io_tenant_v1beta1_manifest.md @@ -106,13 +106,13 @@ Required: Required: -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. - `name` (String) Name of the object being referenced. Optional: -- `api_group` (String) APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error. +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. @@ -132,7 +132,7 @@ Optional: - `allowed_classes` (Attributes) Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. Optional. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_classes)) - `allowed_hostnames` (Attributes) Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_hostnames)) -- `hostname_collision_scope` (String) Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional. +- `hostname_collision_scope` (String) Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional. ### Nested Schema for `spec.ingress_options.allowed_classes` @@ -215,13 +215,13 @@ Optional: Required: -- `pod_selector` (Attributes) podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--pod_selector)) +- `pod_selector` (Attributes) podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--pod_selector)) Optional: -- `egress` (Attributes List) egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8 (see [below for nested schema](#nestedatt--spec--network_policies--items--egress)) -- `ingress` (Attributes List) ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default) (see [below for nested schema](#nestedatt--spec--network_policies--items--ingress)) -- `policy_types` (List of String) policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8 +- `egress` (Attributes List) egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8 (see [below for nested schema](#nestedatt--spec--network_policies--items--egress)) +- `ingress` (Attributes List) ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default) (see [below for nested schema](#nestedatt--spec--network_policies--items--ingress)) +- `policy_types` (List of String) policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8 ### Nested Schema for `spec.network_policies.items.pod_selector` @@ -229,7 +229,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.match_expressions` @@ -237,11 +237,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -250,17 +250,17 @@ Optional: Optional: -- `ports` (Attributes List) ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) -- `to` (Attributes List) to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to)) +- `ports` (Attributes List) ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) +- `to` (Attributes List) to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to)) ### Nested Schema for `spec.network_policies.items.policy_types.ports` Optional: -- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. -- `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. -- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port. +- `port` (String) port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched. +- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP. @@ -268,20 +268,20 @@ Optional: Optional: -- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--ip_block)) -- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--namespace_selector)) -- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector)) +- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--ip_block)) +- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--namespace_selector)) +- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector)) ### Nested Schema for `spec.network_policies.items.policy_types.to.ip_block` Required: -- `cidr` (String) cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' +- `cidr` (String) cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64' Optional: -- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range +- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range @@ -290,7 +290,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.to.pod_selector.match_expressions` @@ -298,11 +298,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -312,7 +312,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.to.pod_selector.match_expressions` @@ -320,11 +320,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -335,28 +335,28 @@ Optional: Optional: -- `from` (Attributes List) from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from)) -- `ports` (Attributes List) ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) +- `from` (Attributes List) from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from)) +- `ports` (Attributes List) ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) ### Nested Schema for `spec.network_policies.items.policy_types.from` Optional: -- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--ip_block)) -- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--namespace_selector)) -- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector)) +- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--ip_block)) +- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--namespace_selector)) +- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector)) ### Nested Schema for `spec.network_policies.items.policy_types.from.ip_block` Required: -- `cidr` (String) cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' +- `cidr` (String) cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64' Optional: -- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range +- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range @@ -365,7 +365,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.from.pod_selector.match_expressions` @@ -373,11 +373,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -387,7 +387,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.from.pod_selector.match_expressions` @@ -395,11 +395,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -409,9 +409,9 @@ Optional: Optional: -- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. -- `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. -- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port. +- `port` (String) port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched. +- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP. @@ -439,9 +439,9 @@ Optional: Optional: -- `hard` (Map of String) hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ -- `scope_selector` (Attributes) scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. (see [below for nested schema](#nestedatt--spec--resource_quotas--items--scope_selector)) -- `scopes` (List of String) A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. +- `hard` (Map of String) hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +- `scope_selector` (Attributes) scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. (see [below for nested schema](#nestedatt--spec--resource_quotas--items--scope_selector)) +- `scopes` (List of String) A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects. ### Nested Schema for `spec.resource_quotas.items.scope_selector` @@ -455,12 +455,12 @@ Optional: Required: -- `operator` (String) Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. +- `operator` (String) Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. - `scope_name` (String) The name of the scope that the selector applies to. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch. diff --git a/docs/data-sources/capsule_clastix_io_tenant_v1beta2_manifest.md b/docs/data-sources/capsule_clastix_io_tenant_v1beta2_manifest.md index c49158f69..7e432c4c4 100644 --- a/docs/data-sources/capsule_clastix_io_tenant_v1beta2_manifest.md +++ b/docs/data-sources/capsule_clastix_io_tenant_v1beta2_manifest.md @@ -68,12 +68,12 @@ Optional: - `network_policies` (Attributes) Specifies the NetworkPolicies assigned to the Tenant. The assigned NetworkPolicies are inherited by any namespace created in the Tenant. Optional. (see [below for nested schema](#nestedatt--spec--network_policies)) - `node_selector` (Map of String) Specifies the label to control the placement of pods on a given pool of worker nodes. All namespaces created within the Tenant will have the node selector annotation. This annotation tells the Kubernetes scheduler to place pods on the nodes having the selector label. Optional. - `pod_options` (Attributes) Specifies options for the Pods deployed in the Tenant namespaces, such as additional metadata. (see [below for nested schema](#nestedatt--spec--pod_options)) -- `prevent_deletion` (Boolean) Prevent accidental deletion of the Tenant. When enabled, the deletion request will be declined. -- `priority_classes` (Attributes) Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. A default value can be specified, and all the Pod resources created will inherit the declared class. Optional. (see [below for nested schema](#nestedatt--spec--priority_classes)) +- `prevent_deletion` (Boolean) Prevent accidental deletion of the Tenant.When enabled, the deletion request will be declined. +- `priority_classes` (Attributes) Specifies the allowed priorityClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses.A default value can be specified, and all the Pod resources created will inherit the declared class.Optional. (see [below for nested schema](#nestedatt--spec--priority_classes)) - `resource_quotas` (Attributes) Specifies a list of ResourceQuota resources assigned to the Tenant. The assigned values are inherited by any namespace created in the Tenant. The Capsule operator aggregates ResourceQuota at Tenant level, so that the hard quota is never crossed for the given Tenant. This permits the Tenant owner to consume resources in the Tenant regardless of the namespace. Optional. (see [below for nested schema](#nestedatt--spec--resource_quotas)) -- `runtime_classes` (Attributes) Specifies the allowed RuntimeClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses. Optional. (see [below for nested schema](#nestedatt--spec--runtime_classes)) +- `runtime_classes` (Attributes) Specifies the allowed RuntimeClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses.Optional. (see [below for nested schema](#nestedatt--spec--runtime_classes)) - `service_options` (Attributes) Specifies options for the Service, such as additional metadata or block of certain type of Services. Optional. (see [below for nested schema](#nestedatt--spec--service_options)) -- `storage_classes` (Attributes) Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class. Optional. (see [below for nested schema](#nestedatt--spec--storage_classes)) +- `storage_classes` (Attributes) Specifies the allowed StorageClasses assigned to the Tenant.Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses.A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class.Optional. (see [below for nested schema](#nestedatt--spec--storage_classes)) ### Nested Schema for `spec.owners` @@ -111,13 +111,13 @@ Required: Required: -- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error. +- `kind` (String) Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error. - `name` (String) Name of the object being referenced. Optional: -- `api_group` (String) APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. -- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error. +- `api_group` (String) APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects. +- `namespace` (String) Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error. @@ -136,9 +136,9 @@ Optional: Optional: - `allow_wildcard_hostnames` (Boolean) Toggles the ability for Ingress resources created in a Tenant to have a hostname wildcard. -- `allowed_classes` (Attributes) Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. A default value can be specified, and all the Ingress resources created will inherit the declared class. Optional. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_classes)) +- `allowed_classes` (Attributes) Specifies the allowed IngressClasses assigned to the Tenant.Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses.A default value can be specified, and all the Ingress resources created will inherit the declared class.Optional. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_classes)) - `allowed_hostnames` (Attributes) Specifies the allowed hostnames in Ingresses for the given Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed hostnames. Optional. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_hostnames)) -- `hostname_collision_scope` (String) Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional. +- `hostname_collision_scope` (String) Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional. ### Nested Schema for `spec.ingress_options.allowed_classes` @@ -149,7 +149,7 @@ Optional: - `allowed_regex` (String) - `default` (String) - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--ingress_options--allowed_classes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.ingress_options.allowed_classes.match_expressions` @@ -157,11 +157,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -257,13 +257,13 @@ Optional: Required: -- `pod_selector` (Attributes) podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--pod_selector)) +- `pod_selector` (Attributes) podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--pod_selector)) Optional: -- `egress` (Attributes List) egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8 (see [below for nested schema](#nestedatt--spec--network_policies--items--egress)) -- `ingress` (Attributes List) ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default) (see [below for nested schema](#nestedatt--spec--network_policies--items--ingress)) -- `policy_types` (List of String) policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8 +- `egress` (Attributes List) egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8 (see [below for nested schema](#nestedatt--spec--network_policies--items--egress)) +- `ingress` (Attributes List) ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default) (see [below for nested schema](#nestedatt--spec--network_policies--items--ingress)) +- `policy_types` (List of String) policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8 ### Nested Schema for `spec.network_policies.items.pod_selector` @@ -271,7 +271,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.match_expressions` @@ -279,11 +279,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -292,17 +292,17 @@ Optional: Optional: -- `ports` (Attributes List) ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) -- `to` (Attributes List) to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to)) +- `ports` (Attributes List) ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) +- `to` (Attributes List) to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to)) ### Nested Schema for `spec.network_policies.items.policy_types.ports` Optional: -- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. -- `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. -- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port. +- `port` (String) port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched. +- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP. @@ -310,20 +310,20 @@ Optional: Optional: -- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--ip_block)) -- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--namespace_selector)) -- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector)) +- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--ip_block)) +- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--namespace_selector)) +- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector)) ### Nested Schema for `spec.network_policies.items.policy_types.to.ip_block` Required: -- `cidr` (String) cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' +- `cidr` (String) cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64' Optional: -- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range +- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range @@ -332,7 +332,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.to.pod_selector.match_expressions` @@ -340,11 +340,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -354,7 +354,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--to--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.to.pod_selector.match_expressions` @@ -362,11 +362,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -377,28 +377,28 @@ Optional: Optional: -- `from` (Attributes List) from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from)) -- `ports` (Attributes List) ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) +- `from` (Attributes List) from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from)) +- `ports` (Attributes List) ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--ports)) ### Nested Schema for `spec.network_policies.items.policy_types.from` Optional: -- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--ip_block)) -- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--namespace_selector)) -- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector)) +- `ip_block` (Attributes) ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--ip_block)) +- `namespace_selector` (Attributes) namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--namespace_selector)) +- `pod_selector` (Attributes) podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector)) ### Nested Schema for `spec.network_policies.items.policy_types.from.ip_block` Required: -- `cidr` (String) cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' +- `cidr` (String) cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64' Optional: -- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range +- `except` (List of String) except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range @@ -407,7 +407,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.from.pod_selector.match_expressions` @@ -415,11 +415,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -429,7 +429,7 @@ Optional: Optional: - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--network_policies--items--policy_types--from--pod_selector--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.network_policies.items.policy_types.from.pod_selector.match_expressions` @@ -437,11 +437,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -451,9 +451,9 @@ Optional: Optional: -- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port. -- `port` (String) port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched. -- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP. +- `end_port` (Number) endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port. +- `port` (String) port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched. +- `protocol` (String) protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP. @@ -485,7 +485,7 @@ Optional: - `allowed_regex` (String) - `default` (String) - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--priority_classes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.priority_classes.match_expressions` @@ -493,11 +493,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -514,9 +514,9 @@ Optional: Optional: -- `hard` (Map of String) hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ -- `scope_selector` (Attributes) scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. (see [below for nested schema](#nestedatt--spec--resource_quotas--items--scope_selector)) -- `scopes` (List of String) A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. +- `hard` (Map of String) hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/ +- `scope_selector` (Attributes) scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. (see [below for nested schema](#nestedatt--spec--resource_quotas--items--scope_selector)) +- `scopes` (List of String) A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects. ### Nested Schema for `spec.resource_quotas.items.scope_selector` @@ -530,12 +530,12 @@ Optional: Required: -- `operator` (String) Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. +- `operator` (String) Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist. - `scope_name` (String) The name of the scope that the selector applies to. Optional: -- `values` (List of String) An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch. @@ -549,7 +549,7 @@ Optional: - `allowed` (List of String) - `allowed_regex` (String) - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--runtime_classes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.runtime_classes.match_expressions` @@ -557,11 +557,11 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. @@ -631,7 +631,7 @@ Optional: - `allowed_regex` (String) - `default` (String) - `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--storage_classes--match_expressions)) -- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed. +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. ### Nested Schema for `spec.storage_classes.match_expressions` @@ -639,8 +639,8 @@ Optional: Required: - `key` (String) key is the label key that the selector applies to. -- `operator` (String) operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. Optional: -- `values` (List of String) values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. diff --git a/docs/data-sources/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.md index acd463129..f434df96a 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.md @@ -30,7 +30,7 @@ data "k8s_elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest" ### Optional -- `spec` (Attributes) CacheParameterGroupSpec defines the desired state of CacheParameterGroup. Represents the output of a CreateCacheParameterGroup operation. (see [below for nested schema](#nestedatt--spec)) +- `spec` (Attributes) CacheParameterGroupSpec defines the desired state of CacheParameterGroup.Represents the output of a CreateCacheParameterGroup operation. (see [below for nested schema](#nestedatt--spec)) ### Read-Only @@ -55,14 +55,14 @@ Optional: Required: -- `cache_parameter_group_family` (String) The name of the cache parameter group family that the cache parameter group can be used with. Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x +- `cache_parameter_group_family` (String) The name of the cache parameter group family that the cache parameter groupcan be used with.Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 |redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x - `cache_parameter_group_name` (String) A user-specified name for the cache parameter group. - `description` (String) A user-specified description for the cache parameter group. Optional: -- `parameter_name_values` (Attributes List) An array of parameter names and values for the parameter update. You must supply at least one parameter name and value; subsequent arguments are optional. A maximum of 20 parameters may be modified per request. (see [below for nested schema](#nestedatt--spec--parameter_name_values)) -- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) +- `parameter_name_values` (Attributes List) An array of parameter names and values for the parameter update. You mustsupply at least one parameter name and value; subsequent arguments are optional.A maximum of 20 parameters may be modified per request. (see [below for nested schema](#nestedatt--spec--parameter_name_values)) +- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) ### Nested Schema for `spec.parameter_name_values` diff --git a/docs/data-sources/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.md index f1af72522..9a9226316 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.md @@ -30,7 +30,7 @@ data "k8s_elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest" "ex ### Optional -- `spec` (Attributes) CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup. Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup (see [below for nested schema](#nestedatt--spec)) +- `spec` (Attributes) CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup.Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup (see [below for nested schema](#nestedatt--spec)) ### Read-Only @@ -56,20 +56,20 @@ Optional: Required: - `cache_subnet_group_description` (String) A description for the cache subnet group. -- `cache_subnet_group_name` (String) A name for the cache subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 alphanumeric characters or hyphens. Example: mysubnetgroup +- `cache_subnet_group_name` (String) A name for the cache subnet group. This value is stored as a lowercase string.Constraints: Must contain no more than 255 alphanumeric characters or hyphens.Example: mysubnetgroup Optional: - `subnet_i_ds` (List of String) A list of VPC subnet IDs for the cache subnet group. - `subnet_refs` (Attributes List) (see [below for nested schema](#nestedatt--spec--subnet_refs)) -- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) +- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) ### Nested Schema for `spec.subnet_refs` Optional: -- `from` (Attributes) AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--subnet_refs--from)) +- `from` (Attributes) AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--subnet_refs--from)) ### Nested Schema for `spec.subnet_refs.from` diff --git a/docs/data-sources/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.md index 9fb8d01de..06072cfd9 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.md @@ -30,7 +30,7 @@ data "k8s_elasticache_services_k8s_aws_replication_group_v1alpha1_manifest" "exa ### Optional -- `spec` (Attributes) ReplicationGroupSpec defines the desired state of ReplicationGroup. Contains all of the attributes of a specific Redis replication group. (see [below for nested schema](#nestedatt--spec)) +- `spec` (Attributes) ReplicationGroupSpec defines the desired state of ReplicationGroup.Contains all of the attributes of a specific Redis replication group. (see [below for nested schema](#nestedatt--spec)) ### Read-Only @@ -56,41 +56,41 @@ Optional: Required: - `description` (String) A user-created description for the replication group. -- `replication_group_id` (String) The replication group identifier. This parameter is stored as a lowercase string. Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens. +- `replication_group_id` (String) The replication group identifier. This parameter is stored as a lowercasestring.Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens. Optional: -- `at_rest_encryption_enabled` (Boolean) A flag that enables encryption at rest when set to true. You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false -- `auth_token` (Attributes) Reserved parameter. The password used to access a password protected server. AuthToken can be specified only on replication groups where TransitEncryptionEnabled is true. For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup. Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token. For more information, see AUTH password (http://redis.io/commands/AUTH) at http://redis.io/commands/AUTH. (see [below for nested schema](#nestedatt--spec--auth_token)) -- `automatic_failover_enabled` (Boolean) Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled) replication groups. Default: false -- `cache_node_type` (String) The compute and memory capacity of the nodes in the node group (shard). The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlarge Additional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later. -- `cache_parameter_group_name` (String) The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. If you are running Redis version 3.2.4 or later, only one node group (shard), and want to use a default parameter group, we recommend that you specify the parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on. -- `cache_parameter_group_ref` (Attributes) AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api (see [below for nested schema](#nestedatt--spec--cache_parameter_group_ref)) +- `at_rest_encryption_enabled` (Boolean) A flag that enables encryption at rest when set to true.You cannot modify the value of AtRestEncryptionEnabled after the replicationgroup is created. To enable encryption at rest on a replication group youmust set AtRestEncryptionEnabled to true when you create the replicationgroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: false +- `auth_token` (Attributes) Reserved parameter. The password used to access a password protected server.AuthToken can be specified only on replication groups where TransitEncryptionEnabledis true.For HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup.Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token.For more information, see AUTH password (http://redis.io/commands/AUTH) athttp://redis.io/commands/AUTH. (see [below for nested schema](#nestedatt--spec--auth_token)) +- `automatic_failover_enabled` (Boolean) Specifies whether a read-only replica is automatically promoted to read/writeprimary if the existing primary fails.AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled)replication groups.Default: false +- `cache_node_type` (String) The compute and memory capacity of the nodes in the node group (shard).The following node types are supported by ElastiCache. Generally speaking,the current generation types provide more memory and computational powerat lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlargeAdditional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later. +- `cache_parameter_group_name` (String) The name of the parameter group to associate with this replication group.If this argument is omitted, the default cache parameter group for the specifiedengine is used.If you are running Redis version 3.2.4 or later, only one node group (shard),and want to use a default parameter group, we recommend that you specifythe parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on. +- `cache_parameter_group_ref` (Attributes) AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api (see [below for nested schema](#nestedatt--spec--cache_parameter_group_ref)) - `cache_security_group_names` (List of String) A list of cache security group names to associate with this replication group. -- `cache_subnet_group_name` (String) The name of the cache subnet group to be used for the replication group. If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html). -- `cache_subnet_group_ref` (Attributes) AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api (see [below for nested schema](#nestedatt--spec--cache_subnet_group_ref)) -- `data_tiering_enabled` (Boolean) Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html). -- `engine` (String) The name of the cache engine to be used for the clusters in this replication group. Must be Redis. -- `engine_version` (String) The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the DescribeCacheEngineVersions operation. Important: You can upgrade to a newer engine version (see Selecting a Cache Engine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement)) in the ElastiCache User Guide, but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version. +- `cache_subnet_group_name` (String) The name of the cache subnet group to be used for the replication group.If you're going to launch your cluster in an Amazon VPC, you need to createa subnet group before you start creating a cluster. For more information,see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html). +- `cache_subnet_group_ref` (Attributes) AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api (see [below for nested schema](#nestedatt--spec--cache_subnet_group_ref)) +- `data_tiering_enabled` (Boolean) Enables data tiering. Data tiering is only supported for replication groupsusing the r6gd node type. This parameter must be set to true when using r6gdnodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html). +- `engine` (String) The name of the cache engine to be used for the clusters in this replicationgroup. Must be Redis. +- `engine_version` (String) The version number of the cache engine to be used for the clusters in thisreplication group. To view the supported cache engine versions, use the DescribeCacheEngineVersionsoperation.Important: You can upgrade to a newer engine version (see Selecting a CacheEngine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement))in the ElastiCache User Guide, but you cannot downgrade to an earlier engineversion. If you want to use an earlier engine version, you must delete theexisting cluster or replication group and create it anew with the earlierengine version. - `kms_key_id` (String) The ID of the KMS key used to encrypt the disk in the cluster. - `log_delivery_configurations` (Attributes List) Specifies the destination, format and type of the logs. (see [below for nested schema](#nestedatt--spec--log_delivery_configurations)) -- `multi_az_enabled` (Boolean) A flag indicating if you have Multi-AZ enabled to enhance fault tolerance. For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html). -- `node_group_configuration` (Attributes List) A list of node group (shard) configuration options. Each node group (shard) configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones, ReplicaCount, and Slots. If you're creating a Redis (cluster mode disabled) or a Redis (cluster mode enabled) replication group, you can use this parameter to individually configure each node group (shard), or you can omit this parameter. However, it is required when seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. You must configure each node group (shard) using this parameter because you must specify the slots for each node group. (see [below for nested schema](#nestedatt--spec--node_group_configuration)) -- `notification_topic_arn` (String) The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent. The Amazon SNS topic owner must be the same as the cluster owner. -- `num_node_groups` (Number) An optional parameter that specifies the number of node groups (shards) for this Redis (cluster mode enabled) replication group. For Redis (cluster mode disabled) either omit this parameter or set it to 1. Default: 1 +- `multi_az_enabled` (Boolean) A flag indicating if you have Multi-AZ enabled to enhance fault tolerance.For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html). +- `node_group_configuration` (Attributes List) A list of node group (shard) configuration options. Each node group (shard)configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones,ReplicaCount, and Slots.If you're creating a Redis (cluster mode disabled) or a Redis (cluster modeenabled) replication group, you can use this parameter to individually configureeach node group (shard), or you can omit this parameter. However, it is requiredwhen seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. Youmust configure each node group (shard) using this parameter because you mustspecify the slots for each node group. (see [below for nested schema](#nestedatt--spec--node_group_configuration)) +- `notification_topic_arn` (String) The Amazon Resource Name (ARN) of the Amazon Simple Notification Service(SNS) topic to which notifications are sent.The Amazon SNS topic owner must be the same as the cluster owner. +- `num_node_groups` (Number) An optional parameter that specifies the number of node groups (shards) forthis Redis (cluster mode enabled) replication group. For Redis (cluster modedisabled) either omit this parameter or set it to 1.Default: 1 - `port` (Number) The port number on which each member of the replication group accepts connections. -- `preferred_cache_cluster_a_zs` (List of String) A list of EC2 Availability Zones in which the replication group's clusters are created. The order of the Availability Zones in the list is the order in which clusters are allocated. The primary cluster is created in the first AZ in the list. This parameter is not used if there is more than one node group (shard). You should use NodeGroupConfiguration instead. If you are creating your replication group in an Amazon VPC (recommended), you can only locate clusters in Availability Zones associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of NumCacheClusters. Default: system chosen Availability Zones. -- `preferred_maintenance_window` (String) Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: * sun * mon * tue * wed * thu * fri * sat Example: sun:23:00-mon:01:30 -- `primary_cluster_id` (String) The identifier of the cluster that serves as the primary for this replication group. This cluster must already exist and have a status of available. This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroup is specified. -- `replicas_per_node_group` (Number) An optional parameter that specifies the number of replica nodes in each node group (shard). Valid values are 0 to 5. -- `security_group_i_ds` (List of String) One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud (Amazon VPC). +- `preferred_cache_cluster_a_zs` (List of String) A list of EC2 Availability Zones in which the replication group's clustersare created. The order of the Availability Zones in the list is the orderin which clusters are allocated. The primary cluster is created in the firstAZ in the list.This parameter is not used if there is more than one node group (shard).You should use NodeGroupConfiguration instead.If you are creating your replication group in an Amazon VPC (recommended),you can only locate clusters in Availability Zones associated with the subnetsin the selected subnet group.The number of Availability Zones listed must equal the value of NumCacheClusters.Default: system chosen Availability Zones. +- `preferred_maintenance_window` (String) Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period. Validvalues for ddd are:Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period.Valid values for ddd are: * sun * mon * tue * wed * thu * fri * satExample: sun:23:00-mon:01:30 +- `primary_cluster_id` (String) The identifier of the cluster that serves as the primary for this replicationgroup. This cluster must already exist and have a status of available.This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroupis specified. +- `replicas_per_node_group` (Number) An optional parameter that specifies the number of replica nodes in eachnode group (shard). Valid values are 0 to 5. +- `security_group_i_ds` (List of String) One or more Amazon VPC security groups associated with this replication group.Use this parameter only when you are creating a replication group in an AmazonVirtual Private Cloud (Amazon VPC). - `security_group_refs` (Attributes List) (see [below for nested schema](#nestedatt--spec--security_group_refs)) -- `snapshot_ar_ns` (List of String) A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDB snapshot files stored in Amazon S3. The snapshot files are used to populate the new replication group. The Amazon S3 object name in the ARN cannot contain any commas. The new replication group will have the number of node groups (console: shards) specified by the parameter NumNodeGroups or the number of node groups configured by NodeGroupConfiguration regardless of the number of ARNs specified here. Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb -- `snapshot_name` (String) The name of a snapshot from which to restore data into the new replication group. The snapshot status changes to restoring while the new replication group is being created. -- `snapshot_retention_limit` (Number) The number of days for which ElastiCache retains automatic snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted. Default: 0 (i.e., automatic backups are disabled for this cluster). -- `snapshot_window` (String) The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard). Example: 05:00-09:00 If you do not specify this parameter, ElastiCache automatically chooses an appropriate time range. -- `tags` (Attributes List) A list of tags to be added to this resource. Tags are comma-separated key,value pairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags as shown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue. Tags on replication groups will be replicated to all nodes. (see [below for nested schema](#nestedatt--spec--tags)) -- `transit_encryption_enabled` (Boolean) A flag that enables in-transit encryption when set to true. You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. This parameter is valid only if the Engine parameter is redis, the EngineVersion parameter is 3.2.6, 4.x or later, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup. +- `snapshot_ar_ns` (List of String) A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDBsnapshot files stored in Amazon S3. The snapshot files are used to populatethe new replication group. The Amazon S3 object name in the ARN cannot containany commas. The new replication group will have the number of node groups(console: shards) specified by the parameter NumNodeGroups or the numberof node groups configured by NodeGroupConfiguration regardless of the numberof ARNs specified here.Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb +- `snapshot_name` (String) The name of a snapshot from which to restore data into the new replicationgroup. The snapshot status changes to restoring while the new replicationgroup is being created. +- `snapshot_retention_limit` (Number) The number of days for which ElastiCache retains automatic snapshots beforedeleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshotthat was taken today is retained for 5 days before being deleted.Default: 0 (i.e., automatic backups are disabled for this cluster). +- `snapshot_window` (String) The daily time range (in UTC) during which ElastiCache begins taking a dailysnapshot of your node group (shard).Example: 05:00-09:00If you do not specify this parameter, ElastiCache automatically chooses anappropriate time range. +- `tags` (Attributes List) A list of tags to be added to this resource. Tags are comma-separated key,valuepairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags asshown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue.Tags on replication groups will be replicated to all nodes. (see [below for nested schema](#nestedatt--spec--tags)) +- `transit_encryption_enabled` (Boolean) A flag that enables in-transit encryption when set to true.You cannot modify the value of TransitEncryptionEnabled after the clusteris created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabledto true when you create a cluster.This parameter is valid only if the Engine parameter is redis, the EngineVersionparameter is 3.2.6, 4.x or later, and the cluster is being created in anAmazon VPC.If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: falseFor HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup. - `user_group_i_ds` (List of String) The user group to associate with the replication group. @@ -111,7 +111,7 @@ Optional: Optional: -- `from` (Attributes) AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--cache_parameter_group_ref--from)) +- `from` (Attributes) AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--cache_parameter_group_ref--from)) ### Nested Schema for `spec.cache_parameter_group_ref.from` @@ -127,7 +127,7 @@ Optional: Optional: -- `from` (Attributes) AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--cache_subnet_group_ref--from)) +- `from` (Attributes) AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--cache_subnet_group_ref--from)) ### Nested Schema for `spec.cache_subnet_group_ref.from` @@ -143,7 +143,7 @@ Optional: Optional: -- `destination_details` (Attributes) Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination. (see [below for nested schema](#nestedatt--spec--log_delivery_configurations--destination_details)) +- `destination_details` (Attributes) Configuration details of either a CloudWatch Logs destination or KinesisData Firehose destination. (see [below for nested schema](#nestedatt--spec--log_delivery_configurations--destination_details)) - `destination_type` (String) - `enabled` (Boolean) - `log_format` (String) @@ -194,7 +194,7 @@ Optional: Optional: -- `from` (Attributes) AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--security_group_refs--from)) +- `from` (Attributes) AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name) (see [below for nested schema](#nestedatt--spec--security_group_refs--from)) ### Nested Schema for `spec.security_group_refs.from` diff --git a/docs/data-sources/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.md index 62b3daba2..f66df67c4 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.md @@ -30,7 +30,7 @@ data "k8s_elasticache_services_k8s_aws_snapshot_v1alpha1_manifest" "example" { ### Optional -- `spec` (Attributes) SnapshotSpec defines the desired state of Snapshot. Represents a copy of an entire Redis cluster as of the time when the snapshot was taken. (see [below for nested schema](#nestedatt--spec)) +- `spec` (Attributes) SnapshotSpec defines the desired state of Snapshot.Represents a copy of an entire Redis cluster as of the time when the snapshotwas taken. (see [below for nested schema](#nestedatt--spec)) ### Read-Only @@ -59,11 +59,11 @@ Required: Optional: -- `cache_cluster_id` (String) The identifier of an existing cluster. The snapshot is created from this cluster. +- `cache_cluster_id` (String) The identifier of an existing cluster. The snapshot is created from thiscluster. - `kms_key_id` (String) The ID of the KMS key used to encrypt the snapshot. -- `replication_group_id` (String) The identifier of an existing replication group. The snapshot is created from this replication group. +- `replication_group_id` (String) The identifier of an existing replication group. The snapshot is createdfrom this replication group. - `source_snapshot_name` (String) The name of an existing snapshot from which to make a copy. -- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) +- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) ### Nested Schema for `spec.tags` diff --git a/docs/data-sources/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.md index 831ef88da..51e468786 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.md @@ -60,7 +60,7 @@ Required: Optional: -- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) +- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) - `user_i_ds` (List of String) The list of user IDs that belong to the user group. diff --git a/docs/data-sources/elasticache_services_k8s_aws_user_v1alpha1_manifest.md b/docs/data-sources/elasticache_services_k8s_aws_user_v1alpha1_manifest.md index d311c84fe..d6021093b 100644 --- a/docs/data-sources/elasticache_services_k8s_aws_user_v1alpha1_manifest.md +++ b/docs/data-sources/elasticache_services_k8s_aws_user_v1alpha1_manifest.md @@ -63,8 +63,8 @@ Required: Optional: - `no_password_required` (Boolean) Indicates a password is not required for this user. -- `passwords` (Attributes List) Passwords used for this user. You can create up to two passwords for each user. (see [below for nested schema](#nestedatt--spec--passwords)) -- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) +- `passwords` (Attributes List) Passwords used for this user. You can create up to two passwords for eachuser. (see [below for nested schema](#nestedatt--spec--passwords)) +- `tags` (Attributes List) A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted. (see [below for nested schema](#nestedatt--spec--tags)) ### Nested Schema for `spec.passwords` diff --git a/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.md b/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.md index f44d951b5..a76e90cf5 100644 --- a/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.md +++ b/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.md @@ -123,7 +123,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -133,7 +133,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -143,9 +143,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -620,6 +620,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -631,6 +632,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.containers.working_dir.capabilities` @@ -767,8 +780,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -905,8 +919,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -966,8 +980,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1043,8 +1057,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1104,8 +1118,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1641,6 +1655,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1652,6 +1667,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -1788,8 +1815,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2277,6 +2305,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2288,6 +2317,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.init_containers.working_dir.capabilities` @@ -2424,8 +2465,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2481,6 +2523,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2492,6 +2535,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.security_context.se_linux_options` @@ -2561,7 +2616,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2780,7 +2835,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -2849,7 +2904,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3196,7 +3251,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -3430,7 +3485,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3502,7 +3557,7 @@ Optional: - `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed.For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed'When this field is not set, it means that no resize operation is in progress for the given PVC.A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatusshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.Capacity reported here may be larger than the actual capacity when a volume expansion operationis requested.For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.If a volume expansion capacity request is lowered, allocatedResources is onlylowered if there are no expansion operations in progress and if the actual volume capacityis equal or lower than the requested capacity.A controller that receives PVC update with previously unknown resourceNameshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `capacity` (Map of String) capacity represents the actual resources of the underlying volume. -- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--conditions)) +- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--conditions)) - `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaimThis is an alpha field and requires enabling VolumeAttributesClass feature. - `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.When this is unset, there is no ModifyVolume operation being attempted.This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--modify_volume_status)) - `phase` (String) phase represents the current phase of PersistentVolumeClaim. @@ -3520,7 +3575,7 @@ Optional: - `last_probe_time` (String) lastProbeTime is the time we probed the condition. - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another. - `message` (String) message is the human-readable message indicating details about last transition. -- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized. +- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized. @@ -3615,6 +3670,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -3885,6 +3941,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--transport--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types diff --git a/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.md b/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.md index 51f598efc..20c7230ec 100644 --- a/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.md +++ b/docs/data-sources/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.md @@ -116,7 +116,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -126,7 +126,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -136,9 +136,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -613,6 +613,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -624,6 +625,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.containers.working_dir.capabilities` @@ -760,8 +773,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -898,8 +912,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -959,8 +973,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1036,8 +1050,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1097,8 +1111,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1634,6 +1648,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1645,6 +1660,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--ephemeral_containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.ephemeral_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.ephemeral_containers.working_dir.capabilities` @@ -1781,8 +1808,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2270,6 +2298,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2281,6 +2310,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.init_containers.working_dir.capabilities` @@ -2417,8 +2458,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2474,6 +2516,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2485,6 +2528,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--security_context--windows_options)) + +### Nested Schema for `spec.node_sets.pod_template.spec.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.node_sets.pod_template.spec.security_context.se_linux_options` @@ -2554,7 +2609,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2773,7 +2828,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--items--resource_field_ref)) @@ -2842,7 +2897,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3189,7 +3244,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--node_sets--pod_template--spec--volumes--vsphere_volume--sources--service_account_token--items--resource_field_ref)) @@ -3423,7 +3478,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3495,7 +3550,7 @@ Optional: - `allocated_resource_statuses` (Map of String) allocatedResourceStatuses stores status of resource being resized for the given PVC.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.ClaimResourceStatus can be in any of following states: - ControllerResizeInProgress: State set when resize controller starts resizing the volume in control-plane. - ControllerResizeFailed: State set when resize has failed in resize controller with a terminal error. - NodeResizePending: State set when resize controller has finished resizing the volume but further resizing of volume is needed on the node. - NodeResizeInProgress: State set when kubelet starts resizing the volume. - NodeResizeFailed: State set when resizing has failed in kubelet with a terminal error. Transient errors don't set NodeResizeFailed.For example: if expanding a PVC for more capacity - this field can be one of the following states: - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'ControllerResizeFailed' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizePending' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeInProgress' - pvc.status.allocatedResourceStatus['storage'] = 'NodeResizeFailed'When this field is not set, it means that no resize operation is in progress for the given PVC.A controller that receives PVC update with previously unknown resourceName or ClaimResourceStatusshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `allocated_resources` (Map of String) allocatedResources tracks the resources allocated to a PVC including its capacity.Key names follow standard Kubernetes label syntax. Valid values are either: * Un-prefixed keys: - storage - the capacity of the volume. * Custom resources must use implementation-defined prefixed names such as 'example.com/my-custom-resource'Apart from above values - keys that are unprefixed or have kubernetes.io prefix are consideredreserved and hence may not be used.Capacity reported here may be larger than the actual capacity when a volume expansion operationis requested.For storage quota, the larger value from allocatedResources and PVC.spec.resources is used.If allocatedResources is not set, PVC.spec.resources alone is used for quota calculation.If a volume expansion capacity request is lowered, allocatedResources is onlylowered if there are no expansion operations in progress and if the actual volume capacityis equal or lower than the requested capacity.A controller that receives PVC update with previously unknown resourceNameshould ignore the update for the purpose it was designed. For example - a controller thatonly is responsible for resizing capacity of the volume, should ignore PVC updates that change other validresources associated with PVC.This is an alpha field and requires enabling RecoverVolumeExpansionFailure feature. - `capacity` (Map of String) capacity represents the actual resources of the underlying volume. -- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--conditions)) +- `conditions` (Attributes List) conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--conditions)) - `current_volume_attributes_class_name` (String) currentVolumeAttributesClassName is the current name of the VolumeAttributesClass the PVC is using.When unset, there is no VolumeAttributeClass applied to this PersistentVolumeClaimThis is an alpha field and requires enabling VolumeAttributesClass feature. - `modify_volume_status` (Attributes) ModifyVolumeStatus represents the status object of ControllerModifyVolume operation.When this is unset, there is no ModifyVolume operation being attempted.This is an alpha field and requires enabling VolumeAttributesClass feature. (see [below for nested schema](#nestedatt--spec--node_sets--volume_claim_templates--status--modify_volume_status)) - `phase` (String) phase represents the current phase of PersistentVolumeClaim. @@ -3513,7 +3568,7 @@ Optional: - `last_probe_time` (String) lastProbeTime is the time we probed the condition. - `last_transition_time` (String) lastTransitionTime is the time the condition transitioned from one status to another. - `message` (String) message is the human-readable message indicating details about last transition. -- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized. +- `reason` (String) reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized. @@ -3582,6 +3637,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types diff --git a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md index c262dbedf..28fd0f277 100644 --- a/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md +++ b/docs/data-sources/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.md @@ -54,6 +54,7 @@ Optional: Optional: +- `certficate_arn` (List of String) CertificateARN specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams. - `group` (Attributes) Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams. (see [below for nested schema](#nestedatt--spec--group)) - `inbound_cid_rs` (List of String) InboundCIDRs specifies the CIDRs that are allowed to access the Ingresses that belong to IngressClass with this IngressClassParams. - `ip_address_type` (String) IPAddressType defines the ip address type for all Ingresses that belong to IngressClass with this IngressClassParams. diff --git a/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.md b/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.md index b3b144753..8748896d4 100644 --- a/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.md +++ b/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.md @@ -136,6 +136,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -244,7 +245,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -254,7 +255,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -264,9 +265,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -741,6 +742,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -752,6 +754,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -888,8 +902,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1026,8 +1041,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1087,8 +1102,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1164,8 +1179,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1225,8 +1240,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1762,6 +1777,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1773,6 +1789,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1909,8 +1937,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2398,6 +2427,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2409,6 +2439,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2545,8 +2587,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2602,6 +2645,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2613,6 +2657,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2682,7 +2738,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2901,7 +2957,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2970,7 +3026,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3317,7 +3373,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.md b/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.md index b0ee46f3d..b11f0e85c 100644 --- a/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.md +++ b/docs/data-sources/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.md @@ -135,6 +135,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -243,7 +244,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -253,7 +254,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -263,9 +264,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -740,6 +741,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -751,6 +753,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -887,8 +901,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1025,8 +1040,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1086,8 +1101,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1163,8 +1178,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1224,8 +1239,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1761,6 +1776,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1772,6 +1788,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1908,8 +1936,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2397,6 +2426,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2408,6 +2438,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2544,8 +2586,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2601,6 +2644,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2612,6 +2656,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2681,7 +2737,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2900,7 +2956,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2969,7 +3025,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3316,7 +3372,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.md b/docs/data-sources/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.md index 245a72dae..e8d099cb5 100644 --- a/docs/data-sources/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.md +++ b/docs/data-sources/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.md @@ -54,6 +54,6 @@ Optional: Optional: -- `ca_bundle` (String) CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate. +- `ca_bundle` (String) CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate. - `timeout` (Number) Timeout is the timeout when querying the provider. - `url` (String) URL is the url for the provider. URL is prefixed with https://. diff --git a/docs/data-sources/externaldata_gatekeeper_sh_provider_v1beta1_manifest.md b/docs/data-sources/externaldata_gatekeeper_sh_provider_v1beta1_manifest.md index 93324ac95..07519559f 100644 --- a/docs/data-sources/externaldata_gatekeeper_sh_provider_v1beta1_manifest.md +++ b/docs/data-sources/externaldata_gatekeeper_sh_provider_v1beta1_manifest.md @@ -54,6 +54,6 @@ Optional: Optional: -- `ca_bundle` (String) CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate. +- `ca_bundle` (String) CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate. - `timeout` (Number) Timeout is the timeout when querying the provider. - `url` (String) URL is the url for the provider. URL is prefixed with https://. diff --git a/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1_manifest.md index 01978d35f..1acaad932 100644 --- a/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1_manifest.md +++ b/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1_manifest.md @@ -58,7 +58,7 @@ Required: Optional: - `description` (String) Description helps describe a GatewayClass with more details. -- `parameters_ref` (Attributes) ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific (see [below for nested schema](#nestedatt--spec--parameters_ref)) +- `parameters_ref` (Attributes) ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific (see [below for nested schema](#nestedatt--spec--parameters_ref)) ### Nested Schema for `spec.parameters_ref` diff --git a/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.md b/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.md index 6f23dee13..a55feb496 100644 --- a/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.md +++ b/docs/data-sources/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.md @@ -58,7 +58,7 @@ Required: Optional: - `description` (String) Description helps describe a GatewayClass with more details. -- `parameters_ref` (Attributes) ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific (see [below for nested schema](#nestedatt--spec--parameters_ref)) +- `parameters_ref` (Attributes) ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific (see [below for nested schema](#nestedatt--spec--parameters_ref)) ### Nested Schema for `spec.parameters_ref` diff --git a/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md new file mode 100644 index 000000000..79d7bef59 --- /dev/null +++ b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md @@ -0,0 +1,411 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest Data Source - terraform-provider-k8s" +subcategory: "helm.toolkit.fluxcd.io" +description: |- + HelmRelease is the Schema for the helmreleases API +--- + +# k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest (Data Source) + +HelmRelease is the Schema for the helmreleases API + +## Example Usage + +```terraform +data "k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest" "example" { + metadata = { + name = "some-name" + namespace = "some-namespace" + } +} +``` + + +## Schema + +### Required + +- `metadata` (Attributes) Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details. (see [below for nested schema](#nestedatt--metadata)) + +### Optional + +- `spec` (Attributes) HelmReleaseSpec defines the desired state of a Helm release. (see [below for nested schema](#nestedatt--spec)) + +### Read-Only + +- `yaml` (String) The generated manifest in YAML format. + + +### Nested Schema for `metadata` + +Required: + +- `name` (String) Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details. +- `namespace` (String) Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details. + +Optional: + +- `annotations` (Map of String) Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details. +- `labels` (Map of String) Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details. + + + +### Nested Schema for `spec` + +Required: + +- `interval` (String) Interval at which to reconcile the Helm release. + +Optional: + +- `chart` (Attributes) Chart defines the template of the v1beta2.HelmChart that should be createdfor this HelmRelease. (see [below for nested schema](#nestedatt--spec--chart)) +- `chart_ref` (Attributes) ChartRef holds a reference to a source controller resource containing theHelm chart artifact. (see [below for nested schema](#nestedatt--spec--chart_ref)) +- `depends_on` (Attributes List) DependsOn may contain a meta.NamespacedObjectReference slice withreferences to HelmRelease resources that must be ready before this HelmReleasecan be reconciled. (see [below for nested schema](#nestedatt--spec--depends_on)) +- `drift_detection` (Attributes) DriftDetection holds the configuration for detecting and handlingdifferences between the manifest in the Helm storage and the resourcescurrently existing in the cluster. (see [below for nested schema](#nestedatt--spec--drift_detection)) +- `install` (Attributes) Install holds the configuration for Helm install actions for this HelmRelease. (see [below for nested schema](#nestedatt--spec--install)) +- `kube_config` (Attributes) KubeConfig for reconciling the HelmRelease on a remote cluster.When used in combination with HelmReleaseSpec.ServiceAccountName,forces the controller to act on behalf of that Service Account at thetarget cluster.If the --default-service-account flag is set, its value will be used asa controller level fallback for when HelmReleaseSpec.ServiceAccountNameis empty. (see [below for nested schema](#nestedatt--spec--kube_config)) +- `max_history` (Number) MaxHistory is the number of revisions saved by Helm for this HelmRelease.Use '0' for an unlimited number of revisions; defaults to '5'. +- `persistent_client` (Boolean) PersistentClient tells the controller to use a persistent Kubernetesclient for this release. When enabled, the client will be reused for theduration of the reconciliation, instead of being created and destroyedfor each (step of a) Helm action.This can improve performance, but may cause issues with some Helm chartsthat for example do create Custom Resource Definitions during installationoutside Helm's CRD lifecycle hooks, which are then not observed to beavailable by e.g. post-install hooks.If not set, it defaults to true. +- `post_renderers` (Attributes List) PostRenderers holds an array of Helm PostRenderers, which will be applied in orderof their definition. (see [below for nested schema](#nestedatt--spec--post_renderers)) +- `release_name` (String) ReleaseName used for the Helm release. Defaults to a composition of'[TargetNamespace-]Name'. +- `rollback` (Attributes) Rollback holds the configuration for Helm rollback actions for this HelmRelease. (see [below for nested schema](#nestedatt--spec--rollback)) +- `service_account_name` (String) The name of the Kubernetes service account to impersonatewhen reconciling this HelmRelease. +- `storage_namespace` (String) StorageNamespace used for the Helm storage.Defaults to the namespace of the HelmRelease. +- `suspend` (Boolean) Suspend tells the controller to suspend reconciliation for this HelmRelease,it does not apply to already started reconciliations. Defaults to false. +- `target_namespace` (String) TargetNamespace to target when performing operations for the HelmRelease.Defaults to the namespace of the HelmRelease. +- `test` (Attributes) Test holds the configuration for Helm test actions for this HelmRelease. (see [below for nested schema](#nestedatt--spec--test)) +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation (like Jobsfor hooks) during the performance of a Helm action. Defaults to '5m0s'. +- `uninstall` (Attributes) Uninstall holds the configuration for Helm uninstall actions for this HelmRelease. (see [below for nested schema](#nestedatt--spec--uninstall)) +- `upgrade` (Attributes) Upgrade holds the configuration for Helm upgrade actions for this HelmRelease. (see [below for nested schema](#nestedatt--spec--upgrade)) +- `values` (Map of String) Values holds the values for this Helm release. +- `values_from` (Attributes List) ValuesFrom holds references to resources containing Helm values for this HelmRelease,and information about how they should be merged. (see [below for nested schema](#nestedatt--spec--values_from)) + + +### Nested Schema for `spec.chart` + +Required: + +- `spec` (Attributes) Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease. (see [below for nested schema](#nestedatt--spec--chart--spec)) + +Optional: + +- `metadata` (Attributes) ObjectMeta holds the template for metadata like labels and annotations. (see [below for nested schema](#nestedatt--spec--chart--metadata)) + + +### Nested Schema for `spec.chart.spec` + +Required: + +- `chart` (String) The name or path the Helm chart is available at in the SourceRef. +- `source_ref` (Attributes) The name and namespace of the v1.Source the chart is available at. (see [below for nested schema](#nestedatt--spec--chart--spec--source_ref)) + +Optional: + +- `ignore_missing_values_files` (Boolean) IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing. +- `interval` (String) Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'. +- `reconcile_strategy` (String) Determines what enables the creation of a new artifact. Valid values are('ChartVersion', 'Revision').See the documentation of the values for an explanation on their behavior.Defaults to ChartVersion when omitted. +- `values_files` (List of String) Alternative list of values files to use as the chart values (values.yamlis not included by default), expected to be a relative path in the SourceRef.Values files are merged in the order of this list with the last file overridingthe first. Ignored when omitted. +- `verify` (Attributes) Verify contains the secret name containing the trusted public keysused to verify the signature and specifies which provider to use to checkwhether OCI image is authentic.This field is only supported for OCI sources.Chart dependencies, which are not bundled in the umbrella chart artifact,are not verified. (see [below for nested schema](#nestedatt--spec--chart--spec--verify)) +- `version` (String) Version semver expression, ignored for charts from v1beta2.GitRepository andv1beta2.Bucket sources. Defaults to latest when omitted. + + +### Nested Schema for `spec.chart.spec.source_ref` + +Required: + +- `name` (String) Name of the referent. + +Optional: + +- `api_version` (String) APIVersion of the referent. +- `kind` (String) Kind of the referent. +- `namespace` (String) Namespace of the referent. + + + +### Nested Schema for `spec.chart.spec.verify` + +Required: + +- `provider` (String) Provider specifies the technology used to sign the OCI Helm chart. + +Optional: + +- `secret_ref` (Attributes) SecretRef specifies the Kubernetes Secret containing thetrusted public keys. (see [below for nested schema](#nestedatt--spec--chart--spec--version--secret_ref)) + + +### Nested Schema for `spec.chart.spec.version.secret_ref` + +Required: + +- `name` (String) Name of the referent. + + + + + +### Nested Schema for `spec.chart.metadata` + +Optional: + +- `annotations` (Map of String) Annotations is an unstructured key value map stored with a resource that may beset by external tools to store and retrieve arbitrary metadata. They are notqueryable and should be preserved when modifying objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +- `labels` (Map of String) Map of string keys and values that can be used to organize and categorize(scope and select) objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + + + + +### Nested Schema for `spec.chart_ref` + +Required: + +- `kind` (String) Kind of the referent. +- `name` (String) Name of the referent. + +Optional: + +- `api_version` (String) APIVersion of the referent. +- `namespace` (String) Namespace of the referent, defaults to the namespace of the Kubernetesresource object that contains the reference. + + + +### Nested Schema for `spec.depends_on` + +Required: + +- `name` (String) Name of the referent. + +Optional: + +- `namespace` (String) Namespace of the referent, when not specified it acts as LocalObjectReference. + + + +### Nested Schema for `spec.drift_detection` + +Optional: + +- `ignore` (Attributes List) Ignore contains a list of rules for specifying which changes to ignoreduring diffing. (see [below for nested schema](#nestedatt--spec--drift_detection--ignore)) +- `mode` (String) Mode defines how differences should be handled between the Helm manifestand the manifest currently applied to the cluster.If not explicitly set, it defaults to DiffModeDisabled. + + +### Nested Schema for `spec.drift_detection.ignore` + +Required: + +- `paths` (List of String) Paths is a list of JSON Pointer (RFC 6901) paths to be excluded fromconsideration in a Kubernetes object. + +Optional: + +- `target` (Attributes) Target is a selector for specifying Kubernetes objects to which thisrule applies.If Target is not set, the Paths will be ignored for all Kubernetesobjects within the manifest of the Helm release. (see [below for nested schema](#nestedatt--spec--drift_detection--ignore--target)) + + +### Nested Schema for `spec.drift_detection.ignore.target` + +Optional: + +- `annotation_selector` (String) AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations. +- `group` (String) Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md +- `kind` (String) Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md +- `label_selector` (String) LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels. +- `name` (String) Name to match resources with. +- `namespace` (String) Namespace to select resources from. +- `version` (String) Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + + + + + +### Nested Schema for `spec.install` + +Optional: + +- `crds` (String) CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Create' and if omittedCRDs are installed but not updated.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are applied (installed) during Helm install action.With this option users can opt in to CRD replace existing CRDs on Helminstall actions, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions. +- `create_namespace` (Boolean) CreateNamespace tells the Helm install action to create theHelmReleaseSpec.TargetNamespace if it does not exist yet.On uninstall, the namespace will not be garbage collected. +- `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm install action. +- `disable_open_api_validation` (Boolean) DisableOpenAPIValidation prevents the Helm install action from validatingrendered templates against the Kubernetes OpenAPI Schema. +- `disable_wait` (Boolean) DisableWait disables the waiting for resources to be ready after a Helminstall has been performed. +- `disable_wait_for_jobs` (Boolean) DisableWaitForJobs disables waiting for jobs to complete after a Helminstall has been performed. +- `remediation` (Attributes) Remediation holds the remediation configuration for when the Helm installaction for the HelmRelease fails. The default is to not perform any action. (see [below for nested schema](#nestedatt--spec--install--remediation)) +- `replace` (Boolean) Replace tells the Helm install action to re-use the 'ReleaseName', but onlyif that name is a deleted release which remains in the history. +- `skip_cr_ds` (Boolean) SkipCRDs tells the Helm install action to not install any CRDs. By default,CRDs are installed if not already present.Deprecated use CRD policy ('crds') attribute with value 'Skip' instead. +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm install action. Defaults to'HelmReleaseSpec.Timeout'. + + +### Nested Schema for `spec.install.remediation` + +Optional: + +- `ignore_test_failures` (Boolean) IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an install action but fail. Defaults to'Test.IgnoreFailures'. +- `remediate_last_failure` (Boolean) RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false'. +- `retries` (Number) Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using an uninstall, is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries. + + + + +### Nested Schema for `spec.kube_config` + +Required: + +- `secret_ref` (Attributes) SecretRef holds the name of a secret that contains a key withthe kubeconfig file as the value. If no key is set, the key will defaultto 'value'.It is recommended that the kubeconfig is self-contained, and the secretis regularly updated if credentials such as a cloud-access-token expire.Cloud specific 'cmd-path' auth helpers will not function without addingbinaries and credentials to the Pod that is responsible for reconcilingKubernetes resources. (see [below for nested schema](#nestedatt--spec--kube_config--secret_ref)) + + +### Nested Schema for `spec.kube_config.secret_ref` + +Required: + +- `name` (String) Name of the Secret. + +Optional: + +- `key` (String) Key in the Secret, when not specified an implementation-specific default key is used. + + + + +### Nested Schema for `spec.post_renderers` + +Optional: + +- `kustomize` (Attributes) Kustomization to apply as PostRenderer. (see [below for nested schema](#nestedatt--spec--post_renderers--kustomize)) + + +### Nested Schema for `spec.post_renderers.kustomize` + +Optional: + +- `images` (Attributes List) Images is a list of (image name, new name, new tag or digest)for changing image names, tags or digests. This can also be achieved with apatch, but this operator is simpler to specify. (see [below for nested schema](#nestedatt--spec--post_renderers--kustomize--images)) +- `patches` (Attributes List) Strategic merge and JSON patches, defined as inline YAML objects,capable of targeting objects based on kind, label and annotation selectors. (see [below for nested schema](#nestedatt--spec--post_renderers--kustomize--patches)) + + +### Nested Schema for `spec.post_renderers.kustomize.images` + +Required: + +- `name` (String) Name is a tag-less image name. + +Optional: + +- `digest` (String) Digest is the value used to replace the original image tag.If digest is present NewTag value is ignored. +- `new_name` (String) NewName is the value used to replace the original name. +- `new_tag` (String) NewTag is the value used to replace the original tag. + + + +### Nested Schema for `spec.post_renderers.kustomize.patches` + +Required: + +- `patch` (String) Patch contains an inline StrategicMerge patch or an inline JSON6902 patch withan array of operation objects. + +Optional: + +- `target` (Attributes) Target points to the resources that the patch document should be applied to. (see [below for nested schema](#nestedatt--spec--post_renderers--kustomize--patches--target)) + + +### Nested Schema for `spec.post_renderers.kustomize.patches.target` + +Optional: + +- `annotation_selector` (String) AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations. +- `group` (String) Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md +- `kind` (String) Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md +- `label_selector` (String) LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels. +- `name` (String) Name to match resources with. +- `namespace` (String) Namespace to select resources from. +- `version` (String) Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + + + + + + +### Nested Schema for `spec.rollback` + +Optional: + +- `cleanup_on_fail` (Boolean) CleanupOnFail allows deletion of new resources created during the Helmrollback action when it fails. +- `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm rollback action. +- `disable_wait` (Boolean) DisableWait disables the waiting for resources to be ready after a Helmrollback has been performed. +- `disable_wait_for_jobs` (Boolean) DisableWaitForJobs disables waiting for jobs to complete after a Helmrollback has been performed. +- `force` (Boolean) Force forces resource updates through a replacement strategy. +- `recreate` (Boolean) Recreate performs pod restarts for the resource if applicable. +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm rollback action. Defaults to'HelmReleaseSpec.Timeout'. + + + +### Nested Schema for `spec.test` + +Optional: + +- `enable` (Boolean) Enable enables Helm test actions for this HelmRelease after an Helm installor upgrade action has been performed. +- `filters` (Attributes List) Filters is a list of tests to run or exclude from running. (see [below for nested schema](#nestedatt--spec--test--filters)) +- `ignore_failures` (Boolean) IgnoreFailures tells the controller to skip remediation when the Helm testsare run but fail. Can be overwritten for tests run after install or upgradeactions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'. +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation duringthe performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'. + + +### Nested Schema for `spec.test.filters` + +Required: + +- `name` (String) Name is the name of the test. + +Optional: + +- `exclude` (Boolean) Exclude specifies whether the named test should be excluded. + + + + +### Nested Schema for `spec.uninstall` + +Optional: + +- `deletion_propagation` (String) DeletionPropagation specifies the deletion propagation policy whena Helm uninstall is performed. +- `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm rollback action. +- `disable_wait` (Boolean) DisableWait disables waiting for all the resources to be deleted aftera Helm uninstall is performed. +- `keep_history` (Boolean) KeepHistory tells Helm to remove all associated resources and mark therelease as deleted, but retain the release history. +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm uninstall action. Defaultsto 'HelmReleaseSpec.Timeout'. + + + +### Nested Schema for `spec.upgrade` + +Optional: + +- `cleanup_on_fail` (Boolean) CleanupOnFail allows deletion of new resources created during the Helmupgrade action when it fails. +- `crds` (String) CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Skip' and if omittedCRDs are neither installed nor upgraded.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are not applied during Helm upgrade action. With thisoption users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions. +- `disable_hooks` (Boolean) DisableHooks prevents hooks from running during the Helm upgrade action. +- `disable_open_api_validation` (Boolean) DisableOpenAPIValidation prevents the Helm upgrade action from validatingrendered templates against the Kubernetes OpenAPI Schema. +- `disable_wait` (Boolean) DisableWait disables the waiting for resources to be ready after a Helmupgrade has been performed. +- `disable_wait_for_jobs` (Boolean) DisableWaitForJobs disables waiting for jobs to complete after a Helmupgrade has been performed. +- `force` (Boolean) Force forces resource updates through a replacement strategy. +- `preserve_values` (Boolean) PreserveValues will make Helm reuse the last release's values and merge inoverrides from 'Values'. Setting this flag makes the HelmReleasenon-declarative. +- `remediation` (Attributes) Remediation holds the remediation configuration for when the Helm upgradeaction for the HelmRelease fails. The default is to not perform any action. (see [below for nested schema](#nestedatt--spec--upgrade--remediation)) +- `timeout` (String) Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm upgrade action. Defaults to'HelmReleaseSpec.Timeout'. + + +### Nested Schema for `spec.upgrade.remediation` + +Optional: + +- `ignore_test_failures` (Boolean) IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an upgrade action but fail.Defaults to 'Test.IgnoreFailures'. +- `remediate_last_failure` (Boolean) RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false' unless 'Retries' is greater than 0. +- `retries` (Number) Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using 'Strategy', is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries. +- `strategy` (String) Strategy to use for failure remediation. Defaults to 'rollback'. + + + + +### Nested Schema for `spec.values_from` + +Required: + +- `kind` (String) Kind of the values referent, valid values are ('Secret', 'ConfigMap'). +- `name` (String) Name of the values referent. Should reside in the same namespace as thereferring resource. + +Optional: + +- `optional` (Boolean) Optional marks this ValuesReference as optional. When set, a not found errorfor the values reference is ignored, but any ValuesKey, TargetPath ortransient error will still result in a reconciliation failure. +- `target_path` (String) TargetPath is the YAML dot notation path the value should be merged at. Whenset, the ValuesKey is expected to be a single flat value. Defaults to 'None',which results in the values getting merged at the root. +- `values_key` (String) ValuesKey is the data key where the values.yaml or a specific value can befound at. Defaults to 'values.yaml'. diff --git a/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.md b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.md index 1734cb84a..b9c00da08 100644 --- a/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.md +++ b/docs/data-sources/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.md @@ -102,6 +102,7 @@ Required: Optional: +- `ignore_missing_values_files` (Boolean) IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing. - `interval` (String) Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'. - `reconcile_strategy` (String) Determines what enables the creation of a new artifact. Valid values are('ChartVersion', 'Revision').See the documentation of the values for an explanation on their behavior.Defaults to ChartVersion when omitted. - `values_file` (String) Alternative values file to use as the default chart values, expected tobe a relative path in the SourceRef. Deprecated in favor of ValuesFiles,for backwards compatibility the file defined here is merged before theValuesFiles items. Ignored when omitted. diff --git a/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.md b/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.md index d99be3fc3..413265866 100644 --- a/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.md +++ b/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.md @@ -76,7 +76,7 @@ Optional: - `image_lookup_os_distro` (String) ImageLookupOSDistro is the name of the OS distro to use when fetching machine images,if not set it will default to ubuntu. - `image_lookup_os_version` (String) ImageLookupOSVersion is the version of the OS distribution to use when fetching machineimages. If not set it will default based on ImageLookupOSDistro. - `provider_id` (String) -- `template_override` (String) TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/ +- `template_override` (String) TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/ ### Nested Schema for `spec.template.spec.hardware_affinity` diff --git a/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.md b/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.md index b0d11348b..2bf3751aa 100644 --- a/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.md +++ b/docs/data-sources/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.md @@ -62,7 +62,7 @@ Optional: - `image_lookup_os_distro` (String) ImageLookupOSDistro is the name of the OS distro to use when fetching machine images,if not set it will default to ubuntu. - `image_lookup_os_version` (String) ImageLookupOSVersion is the version of the OS distribution to use when fetching machineimages. If not set it will default based on ImageLookupOSDistro. - `provider_id` (String) -- `template_override` (String) TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/ +- `template_override` (String) TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/ ### Nested Schema for `spec.hardware_affinity` diff --git a/docs/data-sources/jobset_x_k8s_io_job_set_v1alpha2_manifest.md b/docs/data-sources/jobset_x_k8s_io_job_set_v1alpha2_manifest.md index 22388c3cb..bcd4578ac 100644 --- a/docs/data-sources/jobset_x_k8s_io_job_set_v1alpha2_manifest.md +++ b/docs/data-sources/jobset_x_k8s_io_job_set_v1alpha2_manifest.md @@ -56,7 +56,7 @@ Optional: Optional: - `failure_policy` (Attributes) FailurePolicy, if set, configures when to declare the JobSet asfailed.The JobSet is always declared failed if any job in the setfinished with status failed. (see [below for nested schema](#nestedatt--spec--failure_policy)) -- `managed_by` (String) ManagedBy is used to indicate the controller or entity that manages a JobSet +- `managed_by` (String) ManagedBy is used to indicate the controller or entity that manages a JobSet.The built-in JobSet controller reconciles JobSets which don't have thisfield at all or the field value is the reserved string'jobset.sigs.k8s.io/jobset-controller', but skips reconciling JobSetswith a custom value for this field.The value must be a valid domain-prefixed path (e.g. acme.io/foo) -all characters before the first '/' must be a valid subdomain as definedby RFC 1123. All characters trailing the first '/' must be valid HTTP Pathcharacters as defined by RFC 3986. The value cannot exceed 63 characters.The field is immutable. - `network` (Attributes) Network defines the networking options for the jobset. (see [below for nested schema](#nestedatt--spec--network)) - `replicated_jobs` (Attributes List) ReplicatedJobs is the group of jobs that will form the set. (see [below for nested schema](#nestedatt--spec--replicated_jobs)) - `startup_policy` (Attributes) StartupPolicy, if set, configures in what order jobs must be started (see [below for nested schema](#nestedatt--spec--startup_policy)) diff --git a/docs/data-sources/kamaji_clastix_io_data_store_v1alpha1_manifest.md b/docs/data-sources/kamaji_clastix_io_data_store_v1alpha1_manifest.md index 27e6e6acd..2f10a6e4b 100644 --- a/docs/data-sources/kamaji_clastix_io_data_store_v1alpha1_manifest.md +++ b/docs/data-sources/kamaji_clastix_io_data_store_v1alpha1_manifest.md @@ -56,41 +56,30 @@ Required: - `driver` (String) The driver to use to connect to the shared datastore. - `endpoints` (List of String) List of the endpoints to connect to the shared datastore.No need for protocol, just bare IP/FQDN and port. -- `tls_config` (Attributes) Defines the TLS/SSL configuration required to connect to the data store in a secure way. (see [below for nested schema](#nestedatt--spec--tls_config)) Optional: - `basic_auth` (Attributes) In case of authentication enabled for the given data store, specifies the username and password pair.This value is optional. (see [below for nested schema](#nestedatt--spec--basic_auth)) +- `tls_config` (Attributes) Defines the TLS/SSL configuration required to connect to the data store in a secure way.This value is optional. (see [below for nested schema](#nestedatt--spec--tls_config)) - -### Nested Schema for `spec.tls_config` - -Required: - -- `certificate_authority` (Attributes) Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference.The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this. (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority)) -- `client_certificate` (Attributes) Specifies the SSL/TLS key and private key pair used to connect to the data store. (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate)) - - -### Nested Schema for `spec.tls_config.certificate_authority` + +### Nested Schema for `spec.basic_auth` Required: -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--certificate)) - -Optional: - -- `private_key` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key)) +- `password` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--password)) +- `username` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--username)) - -### Nested Schema for `spec.tls_config.certificate_authority.certificate` + +### Nested Schema for `spec.basic_auth.password` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--password--secret_reference)) - -### Nested Schema for `spec.tls_config.certificate_authority.private_key.secret_reference` + +### Nested Schema for `spec.basic_auth.password.secret_reference` Required: @@ -103,16 +92,16 @@ Optional: - -### Nested Schema for `spec.tls_config.certificate_authority.private_key` + +### Nested Schema for `spec.basic_auth.username` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--username--secret_reference)) - -### Nested Schema for `spec.tls_config.certificate_authority.private_key.secret_reference` + +### Nested Schema for `spec.basic_auth.username.secret_reference` Required: @@ -126,24 +115,38 @@ Optional: - -### Nested Schema for `spec.tls_config.client_certificate` + +### Nested Schema for `spec.tls_config` Required: -- `certificate` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--certificate)) -- `private_key` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key)) +- `certificate_authority` (Attributes) Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference.The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this. (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority)) - -### Nested Schema for `spec.tls_config.client_certificate.certificate` +Optional: + +- `client_certificate` (Attributes) Specifies the SSL/TLS key and private key pair used to connect to the data store. (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate)) + + +### Nested Schema for `spec.tls_config.certificate_authority` + +Required: + +- `certificate` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--certificate)) + +Optional: + +- `private_key` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key)) + + +### Nested Schema for `spec.tls_config.certificate_authority.certificate` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key--secret_reference)) - -### Nested Schema for `spec.tls_config.client_certificate.private_key.secret_reference` + +### Nested Schema for `spec.tls_config.certificate_authority.private_key.secret_reference` Required: @@ -156,16 +159,16 @@ Optional: - -### Nested Schema for `spec.tls_config.client_certificate.private_key` + +### Nested Schema for `spec.tls_config.certificate_authority.private_key` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--certificate_authority--private_key--secret_reference)) - -### Nested Schema for `spec.tls_config.client_certificate.private_key.secret_reference` + +### Nested Schema for `spec.tls_config.certificate_authority.private_key.secret_reference` Required: @@ -179,25 +182,24 @@ Optional: - - -### Nested Schema for `spec.basic_auth` + +### Nested Schema for `spec.tls_config.client_certificate` Required: -- `password` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--password)) -- `username` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--username)) +- `certificate` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--certificate)) +- `private_key` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key)) - -### Nested Schema for `spec.basic_auth.password` + +### Nested Schema for `spec.tls_config.client_certificate.certificate` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--password--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key--secret_reference)) - -### Nested Schema for `spec.basic_auth.password.secret_reference` + +### Nested Schema for `spec.tls_config.client_certificate.private_key.secret_reference` Required: @@ -210,16 +212,16 @@ Optional: - -### Nested Schema for `spec.basic_auth.username` + +### Nested Schema for `spec.tls_config.client_certificate.private_key` Optional: - `content` (String) Bare content of the file, base64 encoded.It has precedence over the SecretReference value. -- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--basic_auth--username--secret_reference)) +- `secret_reference` (Attributes) (see [below for nested schema](#nestedatt--spec--tls_config--client_certificate--private_key--secret_reference)) - -### Nested Schema for `spec.basic_auth.username.secret_reference` + +### Nested Schema for `spec.tls_config.client_certificate.private_key.secret_reference` Required: diff --git a/docs/data-sources/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.md b/docs/data-sources/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.md index 2d056238c..d5c1d8c2c 100644 --- a/docs/data-sources/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.md +++ b/docs/data-sources/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.md @@ -2893,8 +2893,21 @@ Optional: - `extra_args` (List of String) ExtraArgs allows adding additional arguments to said component.WARNING - This option can override existing konnectivityparameters and cause konnectivity components to misbehave inunxpected ways. Only modify if you know what you are doing. - `image` (String) AgentImage defines the container image for Konnectivity's agent. +- `tolerations` (Attributes List) Tolerations for the deployed agent.Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted. (see [below for nested schema](#nestedatt--spec--addons--konnectivity--server--tolerations)) - `version` (String) Version for Konnectivity agent. + +### Nested Schema for `spec.addons.konnectivity.server.tolerations` + +Optional: + +- `effect` (String) Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. +- `key` (String) Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys. +- `operator` (String) Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category. +- `toleration_seconds` (Number) TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system. +- `value` (String) Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string. + + ### Nested Schema for `spec.addons.konnectivity.server` diff --git a/docs/data-sources/kibana_k8s_elastic_co_kibana_v1_manifest.md b/docs/data-sources/kibana_k8s_elastic_co_kibana_v1_manifest.md index f87f46b4a..b7896a29d 100644 --- a/docs/data-sources/kibana_k8s_elastic_co_kibana_v1_manifest.md +++ b/docs/data-sources/kibana_k8s_elastic_co_kibana_v1_manifest.md @@ -144,6 +144,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -299,7 +300,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -309,7 +310,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -319,9 +320,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -796,6 +797,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -807,6 +809,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -943,8 +957,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1081,8 +1096,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1142,8 +1157,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1219,8 +1234,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1280,8 +1295,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1817,6 +1832,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1828,6 +1844,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1964,8 +1992,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2453,6 +2482,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2464,6 +2494,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2600,8 +2642,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2657,6 +2700,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2668,6 +2712,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2737,7 +2793,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2956,7 +3012,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -3025,7 +3081,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3372,7 +3428,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/kibana_k8s_elastic_co_kibana_v1beta1_manifest.md b/docs/data-sources/kibana_k8s_elastic_co_kibana_v1beta1_manifest.md index 5e744e5e0..e1c0fc404 100644 --- a/docs/data-sources/kibana_k8s_elastic_co_kibana_v1beta1_manifest.md +++ b/docs/data-sources/kibana_k8s_elastic_co_kibana_v1beta1_manifest.md @@ -127,6 +127,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -235,7 +236,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -245,7 +246,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -255,9 +256,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -732,6 +733,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -743,6 +745,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -879,8 +893,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1017,8 +1032,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1078,8 +1093,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1155,8 +1170,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1216,8 +1231,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1753,6 +1768,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1764,6 +1780,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1900,8 +1928,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2389,6 +2418,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2400,6 +2430,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2536,8 +2578,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2593,6 +2636,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2604,6 +2648,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2673,7 +2729,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2892,7 +2948,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2961,7 +3017,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3308,7 +3364,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/kuadrant_io_dns_record_v1alpha1_manifest.md b/docs/data-sources/kuadrant_io_dns_record_v1alpha1_manifest.md index 6a3daa389..e12e0ffca 100644 --- a/docs/data-sources/kuadrant_io_dns_record_v1alpha1_manifest.md +++ b/docs/data-sources/kuadrant_io_dns_record_v1alpha1_manifest.md @@ -56,13 +56,13 @@ Optional: Required: - `managed_zone` (Attributes) managedZone is a reference to a ManagedZone instance to which this record will publish its endpoints. (see [below for nested schema](#nestedatt--spec--managed_zone)) +- `owner_id` (String) ownerID is a unique string used to identify the owner of this record. +- `root_host` (String) rootHost is the single root for all endpoints in a DNSRecord. it is expected all defined endpoints are children of or equal to this rootHost Optional: - `endpoints` (Attributes List) endpoints is a list of endpoints that will be published into the dns provider. (see [below for nested schema](#nestedatt--spec--endpoints)) - `health_check` (Attributes) HealthCheckSpec configures health checks in the DNS provider. By default this health check will be applied to each unique DNS A Record for the listeners assigned to the target gateway (see [below for nested schema](#nestedatt--spec--health_check)) -- `owner_id` (String) ownerID is a unique string used to identify the owner of this record. -- `root_host` (String) rootHost is the single root for all endpoints in a DNSRecord. If rootHost is set, it is expected all defined endpoints are children of or equal to this rootHost ### Nested Schema for `spec.managed_zone` diff --git a/docs/data-sources/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.md b/docs/data-sources/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.md index 096ed4f73..b9e553d59 100644 --- a/docs/data-sources/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.md +++ b/docs/data-sources/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.md @@ -57,6 +57,7 @@ Optional: - `admission_checks` (List of String) admissionChecks lists the AdmissionChecks required by this ClusterQueue.Cannot be used along with AdmissionCheckStrategy. - `admission_checks_strategy` (Attributes) admissionCheckStrategy defines a list of strategies to determine which ResourceFlavors require AdmissionChecks.This property cannot be used in conjunction with the 'admissionChecks' property. (see [below for nested schema](#nestedatt--spec--admission_checks_strategy)) - `cohort` (String) cohort that this ClusterQueue belongs to. CQs that belong to thesame cohort can borrow unused resources from each other.A CQ can be a member of a single borrowing cohort. A workload submittedto a queue referencing this CQ can borrow quota from any CQ in the cohort.Only quota for the [resource, flavor] pairs listed in the CQ can beborrowed.If empty, this ClusterQueue cannot borrow from any other ClusterQueue andvice versa.A cohort is a name that links CQs together, but it doesn't reference anyobject.Validation of a cohort name is equivalent to that of object names:subdomain in DNS (RFC 1123). +- `fair_sharing` (Attributes) fairSharing defines the properties of the ClusterQueue when participating in fair sharing.The values are only relevant if fair sharing is enabled in the Kueue configuration. (see [below for nested schema](#nestedatt--spec--fair_sharing)) - `flavor_fungibility` (Attributes) flavorFungibility defines whether a workload should try the next flavorbefore borrowing or preempting in the flavor being evaluated. (see [below for nested schema](#nestedatt--spec--flavor_fungibility)) - `namespace_selector` (Attributes) namespaceSelector defines which namespaces are allowed to submit workloads tothis clusterQueue. Beyond this basic support for policy, a policy agent likeGatekeeper should be used to enforce more advanced policies.Defaults to null which is a nothing selector (no namespaces eligible).If set to an empty selector '{}', then all namespaces are eligible. (see [below for nested schema](#nestedatt--spec--namespace_selector)) - `preemption` (Attributes) preemption describes policies to preempt Workloads from this ClusterQueueor the ClusterQueue's cohort.Preemption can happen in two scenarios:- When a Workload fits within the nominal quota of the ClusterQueue, but the quota is currently borrowed by other ClusterQueues in the cohort. Preempting Workloads in other ClusterQueues allows this ClusterQueue to reclaim its nominal quota.- When a Workload doesn't fit within the nominal quota of the ClusterQueue and there are admitted Workloads in the ClusterQueue with lower priority.The preemption algorithm tries to find a minimal set of Workloads topreempt to accomomdate the pending Workload, preempting Workloads withlower priority first. (see [below for nested schema](#nestedatt--spec--preemption)) @@ -84,6 +85,14 @@ Optional: + +### Nested Schema for `spec.fair_sharing` + +Optional: + +- `weight` (String) weight gives a comparative advantage to this ClusterQueue when competing for unusedresources in the cohort against other ClusterQueues.The share of a ClusterQueue is based on the dominant resource usage above nominalquotas for each resource, divided by the weight.Admission prioritizes scheduling workloads from ClusterQueues with the lowest shareand preempting workloads from the ClusterQueues with the highest share.A zero weight implies infinite share value, meaning that this ClusterQueue will alwaysbe at disadvantage against other ClusterQueues. + + ### Nested Schema for `spec.flavor_fungibility` diff --git a/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md b/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md index d88ee5103..ede37da92 100644 --- a/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md +++ b/docs/data-sources/lambda_services_k8s_aws_function_v1alpha1_manifest.md @@ -96,6 +96,7 @@ Optional: - `s3_bucket_ref` (Attributes) Reference field for S3Bucket (see [below for nested schema](#nestedatt--spec--code--s3_bucket_ref)) - `s3_key` (String) - `s3_object_version` (String) +- `sha256` (String) - `zip_file` (String) diff --git a/docs/data-sources/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.md b/docs/data-sources/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.md index 20a8884e2..d78b7e0d7 100644 --- a/docs/data-sources/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.md +++ b/docs/data-sources/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.md @@ -139,6 +139,7 @@ Optional: - `selector` (Map of String) Route service traffic to pods with label keys and values matching thisselector. If empty or not present, the service is assumed to have anexternal process managing its endpoints, which Kubernetes will notmodify. Only applies to types ClusterIP, NodePort, and LoadBalancer.Ignored if type is ExternalName.More info: https://kubernetes.io/docs/concepts/services-networking/service/ - `session_affinity` (String) Supports 'ClientIP' and 'None'. Used to maintain session affinity.Enable client IP based session affinity.Must be ClientIP or None.Defaults to None.More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies - `session_affinity_config` (Attributes) sessionAffinityConfig contains the configurations of session affinity. (see [below for nested schema](#nestedatt--spec--http--service--spec--session_affinity_config)) +- `traffic_distribution` (String) TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone). - `type` (String) type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types @@ -247,7 +248,7 @@ Optional: - `dns_policy` (String) Set DNS policy for the pod.Defaults to 'ClusterFirst'.Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'.DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy.To have DNS options set along with hostNetwork, you have to specify DNS policyexplicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod'senvironment variables, matching the syntax of Docker links.Optional: Defaults to true. - `ephemeral_containers` (Attributes List) List of ephemeral containers run in this pod. Ephemeral containers may be run in an existingpod to perform user-initiated actions such as debugging. This list cannot be specified whencreating a pod, and it cannot be modified by updating the pod spec. In order to add anephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. (see [below for nested schema](#nestedatt--spec--pod_template--spec--ephemeral_containers)) -- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) +- `host_aliases` (Attributes List) HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. (see [below for nested schema](#nestedatt--spec--pod_template--spec--host_aliases)) - `host_ipc` (Boolean) Use the host's ipc namespace.Optional: Default to false. - `host_network` (Boolean) Host networking requested for this pod. Use the host's network namespace.If this option is set, the ports that will be used must be specified.Default to false. - `host_pid` (Boolean) Use the host's pid namespace.Optional: Default to false. @@ -257,7 +258,7 @@ Optional: - `init_containers` (Attributes List) List of initialization containers belonging to the pod.Init containers are executed in order prior to containers being started. If anyinit container fails, the pod is considered to have failed and is handled accordingto its restartPolicy. The name for an init container or normal container must beunique among all containers.Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes.The resourceRequirements of an init container are taken into account during schedulingby finding the highest request/limit for each resource type, and then using the max ofof that value or the sum of the normal containers. Limits are applied to init containersin a similar fashion.Init containers cannot currently be added or removed.Cannot be updated.More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ (see [below for nested schema](#nestedatt--spec--pod_template--spec--init_containers)) - `node_name` (String) NodeName is a request to schedule this pod onto a specific node. If it is non-empty,the scheduler simply schedules this pod onto that node, assuming that it fits resourcerequirements. - `node_selector` (Map of String) NodeSelector is a selector which must be true for the pod to fit on a node.Selector which must match a node's labels for the pod to be scheduled on that node.More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ -- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) +- `os` (Attributes) Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup (see [below for nested schema](#nestedatt--spec--pod_template--spec--os)) - `overhead` (Map of String) Overhead represents the resource overhead associated with running a pod for a given RuntimeClass.This field will be autopopulated at admission time by the RuntimeClass admission controller. Ifthe RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests.The RuntimeClass admission controller will reject Pod create requests which have the overhead alreadyset. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the valuedefined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero.More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md - `preemption_policy` (String) PreemptionPolicy is the Policy for preempting pods with lower priority.One of Never, PreemptLowerPriority.Defaults to PreemptLowerPriority if unset. - `priority` (Number) The priority value. Various system components use this field to find thepriority of the pod. When Priority Admission Controller is enabled, itprevents users from setting this field. The admission controller populatesthis field from PriorityClassName.The higher the value, the higher the priority. @@ -267,9 +268,9 @@ Optional: - `restart_policy` (String) Restart policy for all containers within the pod.One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted.Default to Always.More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be usedto run this pod. If no RuntimeClass resource matches the named class, the pod will not be run.If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with anempty definition that uses the default runtime handler.More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class - `scheduler_name` (String) If specified, the pod will be dispatched by specified scheduler.If not specified, the pod will be dispatched by default scheduler. -- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) +- `scheduling_gates` (Attributes List) SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards. (see [below for nested schema](#nestedatt--spec--pod_template--spec--scheduling_gates)) - `security_context` (Attributes) SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field. (see [below for nested schema](#nestedatt--spec--pod_template--spec--security_context)) -- `service_account` (String) DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. +- `service_account` (String) DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead. - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run this pod.More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - `set_hostname_as_fqdn` (Boolean) If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default).In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname).In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters to FQDN.If a pod does not have FQDN, this has no effect.Default to false. - `share_process_namespace` (Boolean) Share a single process namespace between all of the containers in a pod.When this is set containers will be able to view and signal processes from other containersin the same pod, and the first process in each container will not be assigned PID 1.HostPID and ShareProcessNamespace cannot both be set.Optional: Default to false. @@ -744,6 +745,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -755,6 +757,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -891,8 +905,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -1029,8 +1044,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1090,8 +1105,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1167,8 +1182,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1228,8 +1243,8 @@ Required: Optional: - `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) -- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. -- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1765,6 +1780,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -1776,6 +1792,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -1912,8 +1940,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2401,6 +2430,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2412,6 +2442,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--security_context--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.security_context.capabilities` @@ -2548,8 +2590,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -2605,6 +2648,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -2616,6 +2660,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--windows_options)) + +### Nested Schema for `spec.pod_template.spec.volumes.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pod_template.spec.volumes.se_linux_options` @@ -2685,7 +2741,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -2904,7 +2960,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--downward_api--items--resource_field_ref)) @@ -2973,7 +3029,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--ephemeral--volume_claim_template--metadata--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 -- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3320,7 +3376,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--pod_template--spec--volumes--projected--sources--service_account_token--items--resource_field_ref)) diff --git a/docs/data-sources/networking_istio_io_virtual_service_v1_manifest.md b/docs/data-sources/networking_istio_io_virtual_service_v1_manifest.md index bbd765305..f7df8857a 100644 --- a/docs/data-sources/networking_istio_io_virtual_service_v1_manifest.md +++ b/docs/data-sources/networking_istio_io_virtual_service_v1_manifest.md @@ -96,6 +96,7 @@ Optional: - `allow_origins` (Attributes List) String patterns that match allowed origins. (see [below for nested schema](#nestedatt--spec--http--cors_policy--allow_origins)) - `expose_headers` (List of String) A list of HTTP headers that the browsers are allowed to access. - `max_age` (String) Specifies how long the results of a preflight request can be cached. +- `unmatched_preflights` (String) Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE ### Nested Schema for `spec.http.cors_policy.allow_origins` diff --git a/docs/data-sources/networking_istio_io_virtual_service_v1alpha3_manifest.md b/docs/data-sources/networking_istio_io_virtual_service_v1alpha3_manifest.md index 4bc743804..e4e4d09b1 100644 --- a/docs/data-sources/networking_istio_io_virtual_service_v1alpha3_manifest.md +++ b/docs/data-sources/networking_istio_io_virtual_service_v1alpha3_manifest.md @@ -96,6 +96,7 @@ Optional: - `allow_origins` (Attributes List) String patterns that match allowed origins. (see [below for nested schema](#nestedatt--spec--http--cors_policy--allow_origins)) - `expose_headers` (List of String) A list of HTTP headers that the browsers are allowed to access. - `max_age` (String) Specifies how long the results of a preflight request can be cached. +- `unmatched_preflights` (String) Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE ### Nested Schema for `spec.http.cors_policy.allow_origins` diff --git a/docs/data-sources/networking_istio_io_virtual_service_v1beta1_manifest.md b/docs/data-sources/networking_istio_io_virtual_service_v1beta1_manifest.md index f8acb1432..b685a21a9 100644 --- a/docs/data-sources/networking_istio_io_virtual_service_v1beta1_manifest.md +++ b/docs/data-sources/networking_istio_io_virtual_service_v1beta1_manifest.md @@ -96,6 +96,7 @@ Optional: - `allow_origins` (Attributes List) String patterns that match allowed origins. (see [below for nested schema](#nestedatt--spec--http--cors_policy--allow_origins)) - `expose_headers` (List of String) A list of HTTP headers that the browsers are allowed to access. - `max_age` (String) Specifies how long the results of a preflight request can be cached. +- `unmatched_preflights` (String) Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE ### Nested Schema for `spec.http.cors_policy.allow_origins` diff --git a/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md index 3d75bc4e0..f643c8367 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_agent_v1beta1_manifest.md @@ -92,6 +92,7 @@ Optional: - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on. - `override_honor_labels` (Boolean) OverrideHonorLabels if set to true overrides all user configured honor_labels.If HonorLabels is set in ServiceScrape or PodScrape to true, this overrides honor_labels to false. - `override_honor_timestamps` (Boolean) OverrideHonorTimestamps allows to globally enforce honoring timestamps in all scrape configs. +- `paused` (Boolean) Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions. - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget)) - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the vmagent pods. (see [below for nested schema](#nestedatt--spec--pod_metadata)) - `pod_scrape_namespace_selector` (Attributes) PodScrapeNamespaceSelector defines Namespaces to be selected for VMPodScrape discovery.Works in combination with Selector.NamespaceSelector nil - only objects at VMAgent namespace.Selector nil - only objects at NamespaceSelector namespaces.If both nil - behaviour controlled by selectAllByDefault (see [below for nested schema](#nestedatt--spec--pod_scrape_namespace_selector)) @@ -954,11 +955,16 @@ Required: Optional: - `by` (List of String) By is an optional list of labels for grouping input series.See also Without.If neither By nor Without are set, then the Outputs are calculatedindividually per each input time series. +- `dedup_interval` (String) DedupInterval is an optional interval for deduplication. +- `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation. - `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points. +- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval. - `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--keep_input--input_relabel_configs)) +- `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix. - `match` (Map of String) Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed. +- `no_align_flush_to_interval` (Boolean) NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval. - `output_relabel_configs` (Attributes List) OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage. (see [below for nested schema](#nestedatt--spec--remote_write--stream_aggr_config--keep_input--output_relabel_configs)) -- `staleness_interval` (String) StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it. +- `staleness_interval` (String) Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket. - `without` (List of String) Without is an optional list of labels, which must be excluded when grouping input series.See also By.If neither By nor Without are set, then the Outputs are calculatedindividually per each input time series. diff --git a/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md index 77d6c4726..91fa92804 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_alert_v1beta1_manifest.md @@ -83,6 +83,7 @@ Optional: - `notifier` (Attributes) Notifier prometheus alertmanager endpoint spec. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093If specified both notifier and notifiers, notifier will be added as last element to notifiers.only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier (see [below for nested schema](#nestedatt--spec--notifier)) - `notifier_config_ref` (Attributes) NotifierConfigRef reference for secret with notifier configuration for vmalertonly one of notifier options could be chosen: notifierConfigRef or notifiers + notifier (see [below for nested schema](#nestedatt--spec--notifier_config_ref)) - `notifiers` (Attributes List) Notifiers prometheus alertmanager endpoints. Required at least one of notifier or notifiers when there are alerting rules. e.g. http://127.0.0.1:9093If specified both notifier and notifiers, notifier will be added as last element to notifiers.only one of notifier options could be chosen: notifierConfigRef or notifiers + notifier (see [below for nested schema](#nestedatt--spec--notifiers)) +- `paused` (Boolean) Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions. - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget)) - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMAlert pods. (see [below for nested schema](#nestedatt--spec--pod_metadata)) - `port` (String) Port for listen diff --git a/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md index f63ba2da7..a8c1f05b1 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_auth_v1beta1_manifest.md @@ -60,22 +60,30 @@ Optional: - `config_reloader_extra_args` (Map of String) ConfigReloaderExtraArgs that will be passed to VMAuths config-reloader containerfor example resyncInterval: '30s' - `config_secret` (String) ConfigSecret is the name of a Kubernetes Secret in the same namespace as theVMAuth object, which contains auth configuration for vmauth,configuration must be inside secret key: config.yaml.It must be created and managed manually.If it's defined, configuration for vmauth becomes unmanaged and operator'll not create any related secrets/config-reloaders - `containers` (List of Map of String) Containers property allows to inject additions sidecars or to patch existing containers.It can be useful for proxies, backup, etc. +- `default_url` (List of String) DefaultURLs backend url for non-matching paths filterusually used for default backend with error message +- `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS. - `dns_config` (Attributes) Specifies the DNS parameters of a pod.Parameters specified here will be merged to the generated DNSconfiguration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--dns_config)) - `dns_policy` (String) DNSPolicy sets DNS policy for the pod +- `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. - `extra_args` (Map of String) ExtraArgs that will be passed to VMAuth podfor example remoteWrite.tmpDataPath: /tmp - `extra_envs` (List of Map of String) ExtraEnvs that will be added to VMAuth pod +- `headers` (List of String) Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth - `host_aliases` (Attributes List) HostAliases provides mapping for ip and hostname,that would be propagated to pod,cannot be used with HostNetwork. (see [below for nested schema](#nestedatt--spec--host_aliases)) - `host_network` (Boolean) HostNetwork controls whether the pod may use the node network namespace - `image` (Attributes) Image - docker image settings for VMAuthif no specified operator uses default config version (see [below for nested schema](#nestedatt--spec--image)) - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespaceto use for pulling images from registriessee https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets)) - `ingress` (Attributes) Ingress enables ingress configuration for VMAuth. (see [below for nested schema](#nestedatt--spec--ingress)) - `init_containers` (List of Map of String) InitContainers allows adding initContainers to the pod definition. Those can be used to e.g.fetch secrets for injection into the vmSingle configuration from external sources. Anyerrors during the execution of an initContainer will lead to a restart of the Pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/Using initContainers for any use case other then secret fetching is entirely outside the scopeof what the maintainers will support and by doing so, you accept that this behaviour may breakat any time without notice. +- `ip_filters` (Attributes) IPFilters defines per target src ip filterssupported only with enterprise version of vmauthhttps://docs.victoriametrics.com/vmauth.html#ip-filters (see [below for nested schema](#nestedatt--spec--ip_filters)) - `license` (Attributes) License allows to configure license key to be used for enterprise features.Using license key is supported starting from VictoriaMetrics v1.94.0.See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license)) - `liveness_probe` (Map of String) LivenessProbe that will be added CRD pod +- `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded') - `log_format` (String) LogFormat for VMAuth to be configured with. - `log_level` (String) LogLevel for victoria metrics single to be configured with. +- `max_concurrent_requests` (Number) MaxConcurrentRequests defines max concurrent requests per user300 is default value for vmauth - `min_ready_seconds` (Number) MinReadySeconds defines a minim number os seconds to wait before starting update next podif previous in healthy state - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on. +- `paused` (Boolean) Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions. - `pod_disruption_budget` (Attributes) PodDisruptionBudget created by operator (see [below for nested schema](#nestedatt--spec--pod_disruption_budget)) - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMAuth pods. (see [below for nested schema](#nestedatt--spec--pod_metadata)) - `port` (String) Port listen port @@ -84,6 +92,8 @@ Optional: - `readiness_probe` (Map of String) ReadinessProbe that will be added CRD pod - `replica_count` (Number) ReplicaCount is the expected size of the VMAuth - `resources` (Attributes) Resources container resource request and limits, https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/if not defined default resources from operator config will be used (see [below for nested schema](#nestedatt--spec--resources)) +- `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth +- `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503] - `revision_history_limit_count` (Number) The number of old ReplicaSets to retain to allow rollback in deployment ormaximum number of revisions that will be maintained in the StatefulSet's revision history.Defaults to 10. - `runtime_class_name` (String) RuntimeClassName - defines runtime class for kubernetes pod.https://kubernetes.io/docs/concepts/containers/runtime-class/ - `scheduler_name` (String) SchedulerName - defines kubernetes scheduler name @@ -95,6 +105,7 @@ Optional: - `service_spec` (Attributes) ServiceSpec that will be added to vmsingle service spec (see [below for nested schema](#nestedatt--spec--service_spec)) - `startup_probe` (Map of String) StartupProbe that will be added to CRD pod - `termination_grace_period_seconds` (Number) TerminationGracePeriodSeconds period for container graceful termination +- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--tls_config)) - `tolerations` (Attributes List) Tolerations If specified, the pod's tolerations. (see [below for nested schema](#nestedatt--spec--tolerations)) - `topology_spread_constraints` (List of Map of String) TopologySpreadConstraints embedded kubernetes pod configuration option,controls how pods are spread across your cluster among failure-domainssuch as regions, zones, nodes, and other user-defined topology domainshttps://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - `unauthorized_access_config` (Attributes List) UnauthorizedAccessConfig configures access for un authorized users (see [below for nested schema](#nestedatt--spec--unauthorized_access_config)) @@ -248,6 +259,15 @@ Optional: + +### Nested Schema for `spec.ip_filters` + +Optional: + +- `allow_list` (List of String) +- `deny_list` (List of String) + + ### Nested Schema for `spec.license` @@ -339,6 +359,104 @@ Optional: + +### Nested Schema for `spec.tls_config` + +Optional: + +- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca)) +- `ca_file` (String) Path to the CA cert in the container to use for the targets. +- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert)) +- `cert_file` (String) Path to the client cert file in the container for the targets. +- `insecure_skip_verify` (Boolean) Disable target certificate validation. +- `key_file` (String) Path to the client key file in the container for the targets. +- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--key_secret)) +- `server_name` (String) Used to verify the hostname for the targets. + + +### Nested Schema for `spec.tls_config.ca` + +Optional: + +- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--config_map)) +- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--secret)) + + +### Nested Schema for `spec.tls_config.ca.config_map` + +Required: + +- `key` (String) The key to select. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined + + + +### Nested Schema for `spec.tls_config.ca.secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + + +### Nested Schema for `spec.tls_config.cert` + +Optional: + +- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--config_map)) +- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--secret)) + + +### Nested Schema for `spec.tls_config.cert.config_map` + +Required: + +- `key` (String) The key to select. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined + + + +### Nested Schema for `spec.tls_config.cert.secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + + +### Nested Schema for `spec.tls_config.key_secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + ### Nested Schema for `spec.tolerations` @@ -356,24 +474,17 @@ Optional: Optional: +- `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS. - `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. -- `headers` (List of String) Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth -- `ip_filters` (Attributes) IPFilters defines filter for src ip addressenterprise only (see [below for nested schema](#nestedatt--spec--unauthorized_access_config--ip_filters)) +- `headers` (List of String) RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth - `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded') - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth -- `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503] -- `src_hosts` (List of String) SrcHosts is the list of regular expressions, which match the request hostname. -- `src_paths` (List of String) Paths src request paths -- `url_prefix` (List of String) URLs defines url_prefix for dst routing - - -### Nested Schema for `spec.unauthorized_access_config.ip_filters` - -Optional: - -- `allow_list` (List of String) -- `deny_list` (List of String) - +- `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retriesCan be defined per target or at VMUser.spec levele.g. [429,503] +- `src_headers` (List of String) SrcHeaders is an optional list of headers, which must match request headers. +- `src_hosts` (List of String) SrcHosts is an optional list of regular expressions, which must match the request hostname. +- `src_paths` (List of String) SrcPaths is an optional list of regular expressions, which must match the request path. +- `src_query_args` (List of String) SrcQueryArgs is an optional list of query args, which must match request URL query args. +- `url_prefix` (List of String) UrlPrefix contains backend url prefixes for the proxied request url. diff --git a/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md index 1e08eb699..92e8374c1 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.md @@ -62,6 +62,7 @@ Optional: - `cluster_version` (String) ClusterVersion defines default images tag for all components.it can be overwritten with component specific image.tag value. - `image_pull_secrets` (Attributes List) ImagePullSecrets An optional list of references to secrets in the same namespaceto use for pulling images from registriessee https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod (see [below for nested schema](#nestedatt--spec--image_pull_secrets)) - `license` (Attributes) License allows to configure license key to be used for enterprise features.Using license key is supported starting from VictoriaMetrics v1.94.0.See: https://docs.victoriametrics.com/enterprise.html (see [below for nested schema](#nestedatt--spec--license)) +- `paused` (Boolean) Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions. - `replication_factor` (Number) ReplicationFactor defines how many copies of data make amongdistinct storage nodes - `service_account_name` (String) ServiceAccountName is the name of the ServiceAccount to use to run theVMSelect, VMStorage and VMInsert Pods. - `use_strict_security` (Boolean) UseStrictSecurity enables strict security mode for componentit restricts disk writes accessuses non-root user out of the boxdrops not needed security permissions diff --git a/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md index e1fd1b4e7..e96ce89a0 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_single_v1beta1_manifest.md @@ -77,6 +77,7 @@ Optional: - `log_format` (String) LogFormat for VMSingle to be configured with. - `log_level` (String) LogLevel for victoria metrics single to be configured with. - `node_selector` (Map of String) NodeSelector Define which Nodes the Pods are scheduled on. +- `paused` (Boolean) Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions. - `pod_metadata` (Attributes) PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods. (see [below for nested schema](#nestedatt--spec--pod_metadata)) - `port` (String) Port listen port - `priority_class_name` (String) PriorityClassName assigned to the Pods @@ -360,11 +361,16 @@ Required: Optional: - `by` (List of String) By is an optional list of labels for grouping input series.See also Without.If neither By nor Without are set, then the Outputs are calculatedindividually per each input time series. +- `dedup_interval` (String) DedupInterval is an optional interval for deduplication. +- `drop_input_labels` (List of String) DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation. - `flush_on_shutdown` (Boolean) FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points. +- `ignore_old_samples` (Boolean) IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval. - `input_relabel_configs` (Attributes List) InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation. (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules--input_relabel_configs)) +- `keep_metric_names` (Boolean) KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix. - `match` (Map of String) Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed. +- `no_align_flush_to_interval` (Boolean) NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval. - `output_relabel_configs` (Attributes List) OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage. (see [below for nested schema](#nestedatt--spec--stream_aggr_config--rules--output_relabel_configs)) -- `staleness_interval` (String) StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it. +- `staleness_interval` (String) Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket. - `without` (List of String) Without is an optional list of labels, which must be excluded when grouping input series.See also By.If neither By nor Without are set, then the Outputs are calculatedindividually per each input time series. diff --git a/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md b/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md index 41228cb7e..f44121965 100644 --- a/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md +++ b/docs/data-sources/operator_victoriametrics_com_vm_user_v1beta1_manifest.md @@ -62,6 +62,7 @@ Optional: - `bearer_token` (String) BearerToken Authorization header value for accessing protected endpoint. - `default_url` (List of String) DefaultURLs backend url for non-matching paths filterusually used for default backend with error message - `disable_secret_creation` (Boolean) DisableSecretCreation skips related secret creation for vmuser +- `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS. - `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. - `generate_password` (Boolean) GeneratePassword instructs operator to generate password for userif spec.password if empty. - `headers` (List of String) Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth @@ -74,7 +75,7 @@ Optional: - `password_ref` (Attributes) PasswordRef allows fetching password from user-create secret by its name and key. (see [below for nested schema](#nestedatt--spec--password_ref)) - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth - `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503] -- `tls_insecure_skip_verify` (Boolean) TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS.See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup +- `tls_config` (Attributes) TLSConfig specifies TLSConfig configuration parameters. (see [below for nested schema](#nestedatt--spec--tls_config)) - `token_ref` (Attributes) TokenRef allows fetching token from user-created secrets by its name and key. (see [below for nested schema](#nestedatt--spec--token_ref)) - `username` (String) UserName basic auth user name for accessing protected endpoint,will be replaced with metadata.name of VMUser if omitted. @@ -84,15 +85,18 @@ Optional: Optional: - `crd` (Attributes) CRD describes exist operator's CRD object,operator generates access url based on CRD params. (see [below for nested schema](#nestedatt--spec--target_refs--crd)) +- `discover_backend_ips` (Boolean) DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS. - `drop_src_path_prefix_parts` (Number) DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details. -- `headers` (List of String) Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth +- `headers` (List of String) RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth - `hosts` (List of String) - `load_balancing_policy` (String) LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded') - `paths` (List of String) Paths - matched path to route. - `response_headers` (List of String) ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth - `retry_status_codes` (List of String) RetryStatusCodes defines http status codes in numeric format for request retriesCan be defined per target or at VMUser.spec levele.g. [429,503] +- `src_headers` (List of String) SrcHeaders is an optional list of headers, which must match request headers. +- `src_query_args` (List of String) SrcQueryArgs is an optional list of query args, which must match request URL query args. - `static` (Attributes) Static - user defined url for traffic forward,for instance http://vmsingle:8429 (see [below for nested schema](#nestedatt--spec--target_refs--static)) -- `target_path_suffix` (String) QueryParams []string 'json:'queryParams,omitempty''TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params. +- `target_path_suffix` (String) TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params. - `target_ref_basic_auth` (Attributes) TargetRefBasicAuth allow an target endpoint to authenticate over basic authentication (see [below for nested schema](#nestedatt--spec--target_refs--target_ref_basic_auth)) @@ -172,6 +176,104 @@ Optional: - `optional` (Boolean) Specify whether the Secret or its key must be defined + +### Nested Schema for `spec.tls_config` + +Optional: + +- `ca` (Attributes) Stuct containing the CA cert to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca)) +- `ca_file` (String) Path to the CA cert in the container to use for the targets. +- `cert` (Attributes) Struct containing the client cert file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert)) +- `cert_file` (String) Path to the client cert file in the container for the targets. +- `insecure_skip_verify` (Boolean) Disable target certificate validation. +- `key_file` (String) Path to the client key file in the container for the targets. +- `key_secret` (Attributes) Secret containing the client key file for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--key_secret)) +- `server_name` (String) Used to verify the hostname for the targets. + + +### Nested Schema for `spec.tls_config.ca` + +Optional: + +- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--config_map)) +- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--ca--secret)) + + +### Nested Schema for `spec.tls_config.ca.config_map` + +Required: + +- `key` (String) The key to select. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined + + + +### Nested Schema for `spec.tls_config.ca.secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + + +### Nested Schema for `spec.tls_config.cert` + +Optional: + +- `config_map` (Attributes) ConfigMap containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--config_map)) +- `secret` (Attributes) Secret containing data to use for the targets. (see [below for nested schema](#nestedatt--spec--tls_config--cert--secret)) + + +### Nested Schema for `spec.tls_config.cert.config_map` + +Required: + +- `key` (String) The key to select. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the ConfigMap or its key must be defined + + + +### Nested Schema for `spec.tls_config.cert.secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + + +### Nested Schema for `spec.tls_config.key_secret` + +Required: + +- `key` (String) The key of the secret to select from. Must be a valid secret key. + +Optional: + +- `name` (String) Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid? +- `optional` (Boolean) Specify whether the Secret or its key must be defined + + + ### Nested Schema for `spec.token_ref` diff --git a/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md b/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md index cded5db46..4c322d964 100644 --- a/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md +++ b/docs/data-sources/pgv2_percona_com_percona_pg_cluster_v2_manifest.md @@ -183,6 +183,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--volume--volume_claim_spec--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--volume--volume_claim_spec--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -218,18 +219,9 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--volume--volume_claim_spec--volume_name--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.backups.pgbackrest.sidecars.volume.volume_claim_spec.volume_name.claims` - -Required: - -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. - - ### Nested Schema for `spec.backups.pgbackrest.sidecars.volume.volume_claim_spec.selector` @@ -261,11 +253,49 @@ Optional: Optional: +- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--cluster_trust_bundle)) - `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--config_map)) - `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--downward_api)) - `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--secret)) - `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--service_account_token)) + +### Nested Schema for `spec.backups.pgbackrest.sidecars.cluster_trust_bundle` + +Required: + +- `path` (String) Relative path from the volume root to write the bundle. + +Optional: + +- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--cluster_trust_bundle--label_selector)) +- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector. +- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles. +- `signer_name` (String) Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated. + + +### Nested Schema for `spec.backups.pgbackrest.sidecars.cluster_trust_bundle.label_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--cluster_trust_bundle--signer_name--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.backups.pgbackrest.sidecars.cluster_trust_bundle.signer_name.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + ### Nested Schema for `spec.backups.pgbackrest.sidecars.config_map` @@ -305,7 +335,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--downward_api--items--resource_field_ref)) @@ -515,7 +545,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -574,7 +606,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -649,7 +683,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -708,7 +744,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -782,6 +820,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -793,6 +832,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--windows_options)) + +### Nested Schema for `spec.backups.pgbackrest.sidecars.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.backups.pgbackrest.sidecars.security_context.se_linux_options` @@ -1015,7 +1066,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1074,7 +1127,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1149,7 +1204,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1208,7 +1265,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1282,6 +1341,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -1293,6 +1353,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--security_context--windows_options)) + +### Nested Schema for `spec.backups.pgbackrest.sidecars.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.backups.pgbackrest.sidecars.security_context.se_linux_options` @@ -1408,7 +1480,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -1584,7 +1656,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1643,7 +1717,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1718,7 +1794,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1777,7 +1855,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--backups--pgbackrest--sidecars--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -1957,6 +2037,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--instances--data_volume_claim_spec--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--instances--data_volume_claim_spec--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -1992,18 +2073,9 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--instances--data_volume_claim_spec--volume_name--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.instances.data_volume_claim_spec.volume_name.claims` - -Required: - -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. - - ### Nested Schema for `spec.instances.data_volume_claim_spec.selector` @@ -2158,7 +2230,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2217,7 +2291,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2292,7 +2368,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--preferred_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2351,7 +2429,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--instances--affinity--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -2553,6 +2633,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--post_start--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--post_start--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--post_start--tcp_socket)) @@ -2587,6 +2668,14 @@ Required: + +### Nested Schema for `spec.instances.init_containers.working_dir.post_start.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.instances.init_containers.working_dir.post_start.tcp_socket` @@ -2607,6 +2696,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--pre_stop--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--pre_stop--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--pre_stop--tcp_socket)) @@ -2641,6 +2731,14 @@ Required: + +### Nested Schema for `spec.instances.init_containers.working_dir.pre_stop.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.instances.init_containers.working_dir.pre_stop.tcp_socket` @@ -2849,6 +2947,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -2860,6 +2959,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--instances--init_containers--working_dir--windows_options)) + +### Nested Schema for `spec.instances.init_containers.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.instances.init_containers.working_dir.capabilities` @@ -2996,8 +3107,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -3035,6 +3147,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--security_context--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -3046,6 +3159,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--security_context--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--instances--security_context--windows_options)) + +### Nested Schema for `spec.instances.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.instances.security_context.se_linux_options` @@ -3241,6 +3366,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--post_start--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--post_start--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--post_start--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--post_start--tcp_socket)) @@ -3275,6 +3401,14 @@ Required: + +### Nested Schema for `spec.instances.sidecars.working_dir.post_start.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.instances.sidecars.working_dir.post_start.tcp_socket` @@ -3295,6 +3429,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--pre_stop--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--pre_stop--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--pre_stop--tcp_socket)) @@ -3329,6 +3464,14 @@ Required: + +### Nested Schema for `spec.instances.sidecars.working_dir.pre_stop.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.instances.sidecars.working_dir.pre_stop.tcp_socket` @@ -3537,6 +3680,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -3548,6 +3692,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--instances--sidecars--working_dir--windows_options)) + +### Nested Schema for `spec.instances.sidecars.working_dir.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.instances.sidecars.working_dir.capabilities` @@ -3684,8 +3840,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -3716,7 +3873,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--instances--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. @@ -3753,8 +3910,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -3770,6 +3928,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--instances--wal_volume_claim_spec--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--instances--wal_volume_claim_spec--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3805,18 +3964,9 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--instances--wal_volume_claim_spec--volume_name--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.instances.wal_volume_claim_spec.volume_name.claims` - -Required: - -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. - - ### Nested Schema for `spec.instances.wal_volume_claim_spec.selector` @@ -3938,6 +4088,7 @@ Optional: - `resources` (Attributes) resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--volume--volume_claim_spec--resources)) - `selector` (Attributes) selector is a label query over volumes to consider for binding. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--volume--volume_claim_spec--selector)) - `storage_class_name` (String) storageClassName is the name of the StorageClass required by the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1 +- `volume_attributes_class_name` (String) volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled. - `volume_mode` (String) volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec. - `volume_name` (String) volumeName is the binding reference to the PersistentVolume backing this claim. @@ -3973,18 +4124,9 @@ Optional: Optional: -- `claims` (Attributes List) Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--volume--volume_claim_spec--volume_name--claims)) - `limits` (Map of String) Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - `requests` (Map of String) Requests describes the minimum amount of compute resources required.If Requests is omitted for a container, it defaults to Limits if that is explicitly specified,otherwise to an implementation-defined value. Requests cannot exceed Limits.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - -### Nested Schema for `spec.data_source.pgbackrest.tolerations.volume.volume_claim_spec.volume_name.claims` - -Required: - -- `name` (String) Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container. - - ### Nested Schema for `spec.data_source.pgbackrest.tolerations.volume.volume_claim_spec.selector` @@ -4141,7 +4283,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4200,7 +4344,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4275,7 +4421,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4334,7 +4482,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4390,11 +4540,49 @@ Optional: Optional: +- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--cluster_trust_bundle)) - `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--config_map)) - `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--downward_api)) - `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--secret)) - `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--service_account_token)) + +### Nested Schema for `spec.data_source.pgbackrest.tolerations.cluster_trust_bundle` + +Required: + +- `path` (String) Relative path from the volume root to write the bundle. + +Optional: + +- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--cluster_trust_bundle--label_selector)) +- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector. +- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles. +- `signer_name` (String) Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated. + + +### Nested Schema for `spec.data_source.pgbackrest.tolerations.cluster_trust_bundle.label_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--cluster_trust_bundle--signer_name--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.data_source.pgbackrest.tolerations.cluster_trust_bundle.signer_name.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + ### Nested Schema for `spec.data_source.pgbackrest.tolerations.config_map` @@ -4434,7 +4622,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--downward_api--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--downward_api--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--data_source--pgbackrest--tolerations--downward_api--items--resource_field_ref)) @@ -4680,7 +4868,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4739,7 +4929,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4814,7 +5006,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -4873,7 +5067,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--data_source--postgres_cluster--tolerations--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -5165,6 +5361,7 @@ Optional: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pmm--container_security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pmm--container_security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -5176,6 +5373,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--pmm--container_security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--pmm--container_security_context--windows_options)) + +### Nested Schema for `spec.pmm.container_security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.pmm.container_security_context.capabilities` @@ -5398,7 +5607,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -5457,7 +5668,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -5532,7 +5745,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--weight--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -5591,7 +5806,9 @@ Required: Optional: -- `label_selector` (Attributes) A label query over a set of resources, in this case pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `label_selector` (Attributes) A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--label_selector)) +- `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. +- `mismatch_label_keys` (List of String) MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. - `namespace_selector` (Attributes) A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--pod_anti_affinity--required_during_scheduling_ignored_during_execution--namespace_selector)) - `namespaces` (List of String) namespaces specifies a static list of namespace names that the term applies to.The term is applied to the union of the namespaces listed in this fieldand the ones selected by namespaceSelector.null or empty namespaces list and null namespaceSelector means 'this pod's namespace'. @@ -5657,11 +5874,49 @@ Optional: Optional: +- `cluster_trust_bundle` (Attributes) ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--cluster_trust_bundle)) - `config_map` (Attributes) configMap information about the configMap data to project (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--config_map)) - `downward_api` (Attributes) downwardAPI information about the downwardAPI data to project (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--downward_api)) - `secret` (Attributes) secret information about the secret data to project (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--secret)) - `service_account_token` (Attributes) serviceAccountToken is information about the serviceAccountToken data to project (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token)) + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.files.cluster_trust_bundle` + +Required: + +- `path` (String) Relative path from the volume root to write the bundle. + +Optional: + +- `label_selector` (Attributes) Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token--label_selector)) +- `name` (String) Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector. +- `optional` (Boolean) If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles. +- `signer_name` (String) Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated. + + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.files.service_account_token.label_selector` + +Optional: + +- `match_expressions` (Attributes List) matchExpressions is a list of label selector requirements. The requirements are ANDed. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token--signer_name--match_expressions)) +- `match_labels` (Map of String) matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed. + + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.files.service_account_token.signer_name.match_expressions` + +Required: + +- `key` (String) key is the label key that the selector applies to. +- `operator` (String) operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist. + +Optional: + +- `values` (List of String) values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch. + + + + ### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.files.config_map` @@ -5701,7 +5956,7 @@ Required: Optional: -- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name and namespace are supported. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token--items--field_ref)) +- `field_ref` (Attributes) Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token--items--field_ref)) - `mode` (Number) Optional: mode bits used to set permissions on this file, must be an octal valuebetween 0000 and 0777 or a decimal value between 0 and 511.YAML accepts both octal and decimal values, JSON requires decimal values for mode bits.If not specified, the volume defaultMode will be used.This might be in conflict with other options that affect the filemode, like fsGroup, and the result can be other mode bits set. - `resource_field_ref` (Attributes) Selects a resource of the container: only resources limits and requests(limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--files--service_account_token--items--resource_field_ref)) @@ -5837,6 +6092,7 @@ Required: Optional: +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--app_armor_profile)) - `fs_group` (Number) A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows. - `fs_group_change_policy` (String) fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows. - `run_as_group` (Number) The GID to run the entrypoint of the container process.Uses runtime default if unset.May also be set in SecurityContext. If set in both SecurityContext andPodSecurityContext, the value specified in SecurityContext takes precedencefor that container.Note that this field cannot be set when spec.os.name is windows. @@ -5848,6 +6104,18 @@ Optional: - `sysctls` (Attributes List) Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupportedsysctls (by the container runtime) might fail to launch.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--sysctls)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options within a container's SecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--windows_options)) + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.se_linux_options` @@ -6043,6 +6311,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--tcp_socket)) @@ -6077,6 +6346,14 @@ Required: + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.lifecycle.pre_stop.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.lifecycle.pre_stop.tcp_socket` @@ -6097,6 +6374,7 @@ Optional: - `exec` (Attributes) Exec specifies the action to take. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--exec)) - `http_get` (Attributes) HTTPGet specifies the http request to perform. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--http_get)) +- `sleep` (Attributes) Sleep represents the duration that the container should sleep before being terminated. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--sleep)) - `tcp_socket` (Attributes) Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--lifecycle--pre_stop--tcp_socket)) @@ -6131,6 +6409,14 @@ Required: + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.lifecycle.pre_stop.sleep` + +Required: + +- `seconds` (Number) Seconds is the number of seconds to sleep. + + ### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.lifecycle.pre_stop.tcp_socket` @@ -6339,6 +6625,7 @@ Required: Optional: - `allow_privilege_escalation` (Boolean) AllowPrivilegeEscalation controls whether a process can gain moreprivileges than its parent process. This bool directly controls ifthe no_new_privs flag will be set on the container process.AllowPrivilegeEscalation is true always when the container is:1) run as Privileged2) has CAP_SYS_ADMINNote that this field cannot be set when spec.os.name is windows. +- `app_armor_profile` (Attributes) appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--security_context--app_armor_profile)) - `capabilities` (Attributes) The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--security_context--capabilities)) - `privileged` (Boolean) Run container in privileged mode.Processes in privileged containers are essentially equivalent to root on the host.Defaults to false.Note that this field cannot be set when spec.os.name is windows. - `proc_mount` (String) procMount denotes the type of proc mount to use for the containers.The default is DefaultProcMount which uses the container runtime defaults forreadonly paths and masked paths.This requires the ProcMountType feature flag to be enabled.Note that this field cannot be set when spec.os.name is windows. @@ -6350,6 +6637,18 @@ Optional: - `seccomp_profile` (Attributes) The seccomp options to use by this container. If seccomp options areprovided at both the pod & container level, the container optionsoverride the pod options.Note that this field cannot be set when spec.os.name is windows. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--security_context--seccomp_profile)) - `windows_options` (Attributes) The Windows specific settings applied to all containers.If unspecified, the options from the PodSecurityContext will be used.If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence.Note that this field cannot be set when spec.os.name is linux. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--security_context--windows_options)) + +### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.security_context.app_armor_profile` + +Required: + +- `type` (String) type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement. + +Optional: + +- `localhost_profile` (String) localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'. + + ### Nested Schema for `spec.proxy.pg_bouncer.topology_spread_constraints.security_context.capabilities` @@ -6486,8 +6785,9 @@ Required: Optional: -- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10. +- `mount_propagation` (String) mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None). - `read_only` (Boolean) Mounted read-only if true, read-write otherwise (false or unspecified).Defaults to false. +- `recursive_read_only` (String) RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled. - `sub_path` (String) Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root). - `sub_path_expr` (String) Expanded path within the volume from which the container's volume should be mounted.Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment.Defaults to '' (volume's root).SubPathExpr and SubPath are mutually exclusive. @@ -6518,7 +6818,7 @@ Optional: - `label_selector` (Attributes) LabelSelector is used to find matching pods.Pods that match this label selector are counted to determine the number of podsin their corresponding topology domain. (see [below for nested schema](#nestedatt--spec--proxy--pg_bouncer--topology_spread_constraints--label_selector)) - `match_label_keys` (List of String) MatchLabelKeys is a set of pod label keys to select the pods over whichspreading will be calculated. The keys are used to lookup values from theincoming pod labels, those key-value labels are ANDed with labelSelectorto select the group of existing pods over which spreading will be calculatedfor the incoming pod. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.MatchLabelKeys cannot be set when LabelSelector isn't set.Keys that don't exist in the incoming pod labels willbe ignored. A null or empty list means only match against labelSelector.This is a beta field and requires the MatchLabelKeysInPodTopologySpread feature gate to be enabled (enabled by default). -- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default). +- `min_domains` (Number) MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew. - `node_affinity_policy` (String) NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelectorwhen calculating pod topology spread skew. Options are:- Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations.- Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations.If this value is nil, the behavior is equivalent to the Honor policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. - `node_taints_policy` (String) NodeTaintsPolicy indicates how we will treat node taints when calculatingpod topology spread skew. Options are:- Honor: nodes without taints, along with tainted nodes for which the incoming podhas a toleration, are included.- Ignore: node taints are ignored. All nodes are included.If this value is nil, the behavior is equivalent to the Ignore policy.This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag. diff --git a/docs/data-sources/scylla_scylladb_com_scylla_cluster_v1_manifest.md b/docs/data-sources/scylla_scylladb_com_scylla_cluster_v1_manifest.md index b2bcbf06d..52eb533f3 100644 --- a/docs/data-sources/scylla_scylladb_com_scylla_cluster_v1_manifest.md +++ b/docs/data-sources/scylla_scylladb_com_scylla_cluster_v1_manifest.md @@ -126,7 +126,7 @@ Optional: - `cron` (String) cron specifies the task schedule as a cron expression. It supports an extended syntax including @monthly, @weekly, @daily, @midnight, @hourly, @every X[h|m|s]. - `dc` (List of String) dc is a list of datacenter glob patterns, e.g. 'dc1,!otherdc*' used to specify the DCs to include or exclude from backup. -- `interval` (String) interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. +- `interval` (String) interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead. - `keyspace` (List of String) keyspace is a list of keyspace/tables glob patterns, e.g. 'keyspace,!keyspace.table_prefix_*' used to include or exclude keyspaces from repair. - `location` (List of String) location is a list of backup locations in the format [:]: ex. s3:my-bucket. The : part is optional and is only needed when different datacenters are being used to upload data to different locations. must be an alphanumeric string and may contain a dash and or a dot, but other characters are forbidden. The only supported storage at the moment are s3 and gcs. - `name` (String) name is a unique name of a task. @@ -1584,7 +1584,7 @@ Optional: - `fail_fast` (Boolean) failFast indicates if a repair should be stopped on first error. - `host` (String) host specifies a host to repair. If empty, all hosts are repaired. - `intensity` (String) intensity indicates how many token ranges (per shard) to repair in a single Scylla repair job. By default this is 1. If you set it to 0 the number of token ranges is adjusted to the maximum supported by node (see max_repair_ranges_in_parallel in Scylla logs). Valid values are 0 and integers >= 1. Higher values will result in increased cluster load and slightly faster repairs. Changing the intensity impacts repair granularity if you need to resume it, the higher the value the more work on resume. For Scylla clusters that *do not support row-level repair*, intensity can be a decimal between (0,1). In that case it specifies percent of shards that can be repaired in parallel on a repair master node. For Scylla clusters that are row-level repair enabled, setting intensity below 1 has the same effect as setting intensity 1. -- `interval` (String) interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. +- `interval` (String) interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead. - `keyspace` (List of String) keyspace is a list of keyspace/tables glob patterns, e.g. 'keyspace,!keyspace.table_prefix_*' used to include or exclude keyspaces from repair. - `name` (String) name is a unique name of a task. - `num_retries` (Number) numRetries indicates how many times a scheduled task will be retried before failing. diff --git a/docs/data-sources/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.md b/docs/data-sources/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.md index 187c4d368..2b049f6d6 100644 --- a/docs/data-sources/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.md +++ b/docs/data-sources/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.md @@ -137,5 +137,5 @@ Optional: Required: -- `kind` (String) -- `name` (String) +- `kind` (String) Kind of the resource +- `name` (String) Name of the resource diff --git a/docs/data-sources/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.md b/docs/data-sources/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.md index f00ebc162..c9c83a9df 100644 --- a/docs/data-sources/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.md +++ b/docs/data-sources/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.md @@ -144,5 +144,5 @@ Optional: Required: -- `kind` (String) -- `name` (String) +- `kind` (String) Kind of the resource +- `name` (String) Name of the resource diff --git a/docs/data-sources/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.md b/docs/data-sources/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.md index 702a28dca..6f3b7b291 100644 --- a/docs/data-sources/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.md +++ b/docs/data-sources/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.md @@ -153,5 +153,5 @@ Optional: Required: -- `kind` (String) -- `name` (String) +- `kind` (String) Kind of the resource +- `name` (String) Name of the resource diff --git a/docs/data-sources/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.md b/docs/data-sources/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.md index b069a89c6..5f9c53c60 100644 --- a/docs/data-sources/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.md +++ b/docs/data-sources/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.md @@ -142,5 +142,5 @@ Optional: Required: -- `kind` (String) -- `name` (String) +- `kind` (String) Kind of the resource +- `name` (String) Name of the resource diff --git a/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md b/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md index d97f6b675..59af92bf5 100644 --- a/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md +++ b/docs/data-sources/sonataflow_org_sonata_flow_v1alpha08_manifest.md @@ -296,6 +296,7 @@ Optional: - `automount_service_account_token` (Boolean) AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - `container` (Attributes) Container is the Kubernetes container where the application should run. One can change this attribute in order to override the defaults provided by the operator. (see [below for nested schema](#nestedatt--spec--pod_template--container)) - `containers` (Attributes List) List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. (see [below for nested schema](#nestedatt--spec--pod_template--containers)) +- `deployment_model` (String) Defines the kind of deployment model for this pod spec. In dev profile, only 'kubernetes' is valid. - `dns_config` (Attributes) Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. (see [below for nested schema](#nestedatt--spec--pod_template--dns_config)) - `dns_policy` (String) Set DNS policy for the pod. Defaults to 'ClusterFirst'. Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - `enable_service_links` (Boolean) EnableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. Optional: Defaults to true. @@ -315,7 +316,7 @@ Optional: - `priority` (Number) The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - `priority_class_name` (String) If specified, indicates the pod's priority. 'system-node-critical' and 'system-cluster-critical' are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. - `readiness_gates` (Attributes List) If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to 'True' More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates (see [below for nested schema](#nestedatt--spec--pod_template--readiness_gates)) -- `replicas` (Number) +- `replicas` (Number) Replicas define the number of pods to start by default for this deployment model. Ignored in 'knative' deployment model. - `resource_claims` (Attributes List) ResourceClaims defines which ResourceClaims must be allocated and reserved before the Pod is allowed to start. The resources will be made available to those containers which consume them by name. This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. This field is immutable. (see [below for nested schema](#nestedatt--spec--pod_template--resource_claims)) - `restart_policy` (String) Restart policy for all containers within the pod. One of Always, OnFailure, Never. In some contexts, only a subset of those values may be permitted. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy - `runtime_class_name` (String) RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the 'legacy' RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class diff --git a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1_manifest.md b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1_manifest.md index 7c8c51147..4ae17cdde 100644 --- a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1_manifest.md +++ b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1_manifest.md @@ -97,7 +97,7 @@ Optional: Optional: -- `code` (Attributes List) The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) +- `code` (Attributes List) The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) - `libs` (List of String) - `rego` (String) - `target` (String) diff --git a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.md b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.md index 98e3b9f96..7ce5abeac 100644 --- a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.md +++ b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.md @@ -97,7 +97,7 @@ Optional: Optional: -- `code` (Attributes List) The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) +- `code` (Attributes List) The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) - `libs` (List of String) - `rego` (String) - `target` (String) diff --git a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.md b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.md index cdd4d6f3e..382252986 100644 --- a/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.md +++ b/docs/data-sources/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.md @@ -97,7 +97,7 @@ Optional: Optional: -- `code` (Attributes List) The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) +- `code` (Attributes List) The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field) (see [below for nested schema](#nestedatt--spec--targets--code)) - `libs` (List of String) - `rego` (String) - `target` (String) diff --git a/docs/data-sources/tempo_grafana_com_tempo_stack_v1alpha1_manifest.md b/docs/data-sources/tempo_grafana_com_tempo_stack_v1alpha1_manifest.md index d6f89e7c4..15cf45d04 100644 --- a/docs/data-sources/tempo_grafana_com_tempo_stack_v1alpha1_manifest.md +++ b/docs/data-sources/tempo_grafana_com_tempo_stack_v1alpha1_manifest.md @@ -136,6 +136,7 @@ Optional: Optional: +- `oauth_proxy` (String) OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant. - `tempo` (String) Tempo defines the tempo container image. - `tempo_gateway` (String) TempoGateway defines the tempo-gateway container image. - `tempo_gateway_opa` (String) TempoGatewayOpa defines the OPA sidecar container for TempoGateway. @@ -655,12 +656,22 @@ Optional: Optional: +- `authentication` (Attributes) Oauth defines the options for the oauth proxy used to protect jaeger UI (see [below for nested schema](#nestedatt--spec--template--query_frontend--jaeger_query--authentication)) - `enabled` (Boolean) Enabled defines if the Jaeger Query component should be created. - `ingress` (Attributes) Ingress defines the options for the Jaeger Query ingress. (see [below for nested schema](#nestedatt--spec--template--query_frontend--jaeger_query--ingress)) - `monitor_tab` (Attributes) MonitorTab defines the monitor tab configuration. (see [below for nested schema](#nestedatt--spec--template--query_frontend--jaeger_query--monitor_tab)) - `resources` (Attributes) Resources defines resources for this component, this will override the calculated resources derived from total (see [below for nested schema](#nestedatt--spec--template--query_frontend--jaeger_query--resources)) - `services_query_duration` (String) ServicesQueryDuration defines how long the services will be available in the services list + +### Nested Schema for `spec.template.query_frontend.jaeger_query.authentication` + +Optional: + +- `enabled` (Boolean) Defines if the authentication will be enabled for jaeger UI. +- `sar` (String) SAR defines the SAR to be used in the oauth-proxy default is '{'namespace': '', 'resource': 'pods', 'verb': 'get'} + + ### Nested Schema for `spec.template.query_frontend.jaeger_query.ingress` diff --git a/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/data-source.tf b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/data-source.tf new file mode 100644 index 000000000..90941a6b1 --- /dev/null +++ b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/data-source.tf @@ -0,0 +1,6 @@ +data "k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest" "example" { + metadata = { + name = "some-name" + namespace = "some-namespace" + } +} diff --git a/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/main.tf b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/main.tf new file mode 100644 index 000000000..ce09a1445 --- /dev/null +++ b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/main.tf @@ -0,0 +1,12 @@ +terraform { + required_providers { + k8s = { + source = "localhost/metio/k8s" + version = "9999.99.99" + } + } +} + +provider "k8s" { + offline = true +} diff --git a/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/outputs.tf b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/outputs.tf new file mode 100644 index 000000000..fca4b8c01 --- /dev/null +++ b/examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest/outputs.tf @@ -0,0 +1,5 @@ +output "manifests" { + value = { + "example" = data.k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest.example.yaml + } +} diff --git a/internal/provider/agent_k8s_elastic_co_v1alpha1/agent_k8s_elastic_co_agent_v1alpha1_manifest.go b/internal/provider/agent_k8s_elastic_co_v1alpha1/agent_k8s_elastic_co_agent_v1alpha1_manifest.go index cf77655a0..eb4fae8f4 100644 --- a/internal/provider/agent_k8s_elastic_co_v1alpha1/agent_k8s_elastic_co_agent_v1alpha1_manifest.go +++ b/internal/provider/agent_k8s_elastic_co_v1alpha1/agent_k8s_elastic_co_agent_v1alpha1_manifest.go @@ -357,7 +357,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -423,12 +427,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -609,7 +614,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -676,12 +685,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -864,7 +874,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -930,12 +944,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -965,6 +980,10 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1651,7 +1670,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1717,12 +1740,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -1903,7 +1927,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1970,12 +1998,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -2158,7 +2187,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -2224,12 +2257,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -2259,6 +2293,10 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -2689,7 +2727,8 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -3034,7 +3073,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -3100,12 +3143,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -3286,7 +3330,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -3353,12 +3401,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -3541,7 +3590,11 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -3607,12 +3660,13 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -3642,6 +3696,10 @@ type AgentK8SElasticCoAgentV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -4526,8 +4584,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4535,8 +4593,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4693,8 +4751,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4702,8 +4760,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4860,8 +4918,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4869,8 +4927,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -5027,8 +5085,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -5036,8 +5094,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -6228,6 +6286,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6689,8 +6772,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6712,6 +6795,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7907,6 +7998,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -8376,8 +8492,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -8399,6 +8515,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -8436,8 +8560,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -9611,6 +9735,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -10072,8 +10221,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -10095,6 +10244,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -10149,8 +10306,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -10286,8 +10443,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -10308,6 +10465,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -10497,8 +10679,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -10672,8 +10854,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -11115,8 +11297,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -11461,8 +11643,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -12179,8 +12361,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -13180,8 +13362,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13189,8 +13371,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13347,8 +13529,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13356,8 +13538,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13514,8 +13696,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13523,8 +13705,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13681,8 +13863,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13690,8 +13872,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -14882,6 +15064,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -15343,8 +15550,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -15366,6 +15573,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -16561,6 +16776,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -17030,8 +17270,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -17053,6 +17293,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -17090,8 +17338,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -18265,6 +18513,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -18726,8 +18999,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -18749,6 +19022,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -18803,8 +19084,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -18940,8 +19221,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -18962,6 +19243,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -19151,8 +19457,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -19326,8 +19632,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -19769,8 +20075,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -20115,8 +20421,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -20833,8 +21139,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -21879,6 +22185,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -22458,8 +22772,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22467,8 +22781,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22625,8 +22939,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22634,8 +22948,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22792,8 +23106,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22801,8 +23115,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22959,8 +23273,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -22968,8 +23282,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -24160,6 +24474,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -24621,8 +24960,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -24644,6 +24983,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -25839,6 +26186,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -26308,8 +26680,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -26331,6 +26703,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -26368,8 +26748,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -27543,6 +27923,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -28004,8 +28409,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -28027,6 +28432,14 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -28081,8 +28494,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -28218,8 +28631,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -28240,6 +28653,31 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -28429,8 +28867,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -28604,8 +29042,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -29047,8 +29485,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -29393,8 +29831,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -30111,8 +30549,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -30986,8 +31424,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -31055,8 +31493,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "conditions": schema.ListNestedAttribute{ - Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", - MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", + Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", + MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "last_probe_time": schema.StringAttribute{ @@ -31090,8 +31528,8 @@ func (r *AgentK8SElasticCoAgentV1Alpha1Manifest) Schema(_ context.Context, _ dat }, "reason": schema.StringAttribute{ - Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", - MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", + Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", + MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go index b51db9690..2b070c380 100644 --- a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go +++ b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_revision_v1_manifest.go @@ -624,8 +624,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Manifest) Schema(_ contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1102,8 +1102,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Manifest) Schema(_ contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1719,8 +1719,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Manifest) Schema(_ contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", diff --git a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_v1_manifest.go b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_v1_manifest.go index 67d277841..2b0d240d6 100644 --- a/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_v1_manifest.go +++ b/internal/provider/apiextensions_crossplane_io_v1/apiextensions_crossplane_io_composition_v1_manifest.go @@ -623,8 +623,8 @@ func (r *ApiextensionsCrossplaneIoCompositionV1Manifest) Schema(_ context.Contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1101,8 +1101,8 @@ func (r *ApiextensionsCrossplaneIoCompositionV1Manifest) Schema(_ context.Contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1718,8 +1718,8 @@ func (r *ApiextensionsCrossplaneIoCompositionV1Manifest) Schema(_ context.Contex }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", diff --git a/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go b/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go index dfaf81207..75a1f36e8 100644 --- a/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go +++ b/internal/provider/apiextensions_crossplane_io_v1beta1/apiextensions_crossplane_io_composition_revision_v1beta1_manifest.go @@ -624,8 +624,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Beta1Manifest) Schema(_ c }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1102,8 +1102,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Beta1Manifest) Schema(_ c }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", @@ -1719,8 +1719,8 @@ func (r *ApiextensionsCrossplaneIoCompositionRevisionV1Beta1Manifest) Schema(_ c }, "merge_options": schema.SingleNestedAttribute{ - Description: "MergeOptions Specifies merge options on a field path", - MarkdownDescription: "MergeOptions Specifies merge options on a field path", + Description: "MergeOptions Specifies merge options on a field path.", + MarkdownDescription: "MergeOptions Specifies merge options on a field path.", Attributes: map[string]schema.Attribute{ "append_slice": schema.BoolAttribute{ Description: "Specifies that already existing elements in a merged slice should be preserved", diff --git a/internal/provider/apm_k8s_elastic_co_v1/apm_k8s_elastic_co_apm_server_v1_manifest.go b/internal/provider/apm_k8s_elastic_co_v1/apm_k8s_elastic_co_apm_server_v1_manifest.go index 71f6f5d35..5020f1d73 100644 --- a/internal/provider/apm_k8s_elastic_co_v1/apm_k8s_elastic_co_apm_server_v1_manifest.go +++ b/internal/provider/apm_k8s_elastic_co_v1/apm_k8s_elastic_co_apm_server_v1_manifest.go @@ -90,7 +90,8 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -422,7 +423,11 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -488,12 +493,13 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -674,7 +680,11 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -741,12 +751,13 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -929,7 +940,11 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -995,12 +1010,13 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1030,6 +1046,10 @@ type ApmK8SElasticCoApmServerV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1828,6 +1848,14 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2311,8 +2339,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2320,8 +2348,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2478,8 +2506,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2487,8 +2515,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2645,8 +2673,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2654,8 +2682,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2812,8 +2840,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2821,8 +2849,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4013,6 +4041,31 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4474,8 +4527,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4497,6 +4550,14 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5692,6 +5753,31 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6161,8 +6247,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6184,6 +6270,14 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6221,8 +6315,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7396,6 +7490,31 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7857,8 +7976,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7880,6 +7999,14 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7934,8 +8061,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8071,8 +8198,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8093,6 +8220,31 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8282,8 +8434,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8457,8 +8609,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8900,8 +9052,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9246,8 +9398,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9964,8 +10116,8 @@ func (r *ApmK8SElasticCoApmServerV1Manifest) Schema(_ context.Context, _ datasou NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/apm_k8s_elastic_co_v1beta1/apm_k8s_elastic_co_apm_server_v1beta1_manifest.go b/internal/provider/apm_k8s_elastic_co_v1beta1/apm_k8s_elastic_co_apm_server_v1beta1_manifest.go index 0f5ff4e9e..d6e0da7ae 100644 --- a/internal/provider/apm_k8s_elastic_co_v1beta1/apm_k8s_elastic_co_apm_server_v1beta1_manifest.go +++ b/internal/provider/apm_k8s_elastic_co_v1beta1/apm_k8s_elastic_co_apm_server_v1beta1_manifest.go @@ -88,7 +88,8 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -414,7 +415,11 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -480,12 +485,13 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -666,7 +672,11 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -733,12 +743,13 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -921,7 +932,11 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -987,12 +1002,13 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1022,6 +1038,10 @@ type ApmK8SElasticCoApmServerV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1802,6 +1822,14 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2244,8 +2272,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2253,8 +2281,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2411,8 +2439,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2420,8 +2448,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2578,8 +2606,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2587,8 +2615,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2745,8 +2773,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2754,8 +2782,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3946,6 +3974,31 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4407,8 +4460,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4430,6 +4483,14 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5625,6 +5686,31 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6094,8 +6180,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6117,6 +6203,14 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6154,8 +6248,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7329,6 +7423,31 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7790,8 +7909,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7813,6 +7932,14 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7867,8 +7994,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8004,8 +8131,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8026,6 +8153,31 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8215,8 +8367,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8390,8 +8542,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8833,8 +8985,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9179,8 +9331,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9897,8 +10049,8 @@ func (r *ApmK8SElasticCoApmServerV1Beta1Manifest) Schema(_ context.Context, _ da NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_agent_pool_v1alpha2_manifest.go b/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_agent_pool_v1alpha2_manifest.go index 2cfedf365..d1e0d7c6e 100644 --- a/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_agent_pool_v1alpha2_manifest.go +++ b/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_agent_pool_v1alpha2_manifest.go @@ -10016,8 +10016,8 @@ func (r *AppTerraformIoAgentPoolV1Alpha2Manifest) Schema(_ context.Context, _ da }, "target_workspaces": schema.ListNestedAttribute{ - Description: "TargetWorkspaces is a list of Terraform Cloud Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool.", - MarkdownDescription: "TargetWorkspaces is a list of Terraform Cloud Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool.", + Description: "TargetWorkspaces is a list of HCP Terraform Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool.", + MarkdownDescription: "TargetWorkspaces is a list of HCP Terraform Workspaces whichthe agent pool should scale up to meet demand. When this fieldis ommited the autoscaler will target all workspaces that areassociated with the AgentPool.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ diff --git a/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_workspace_v1alpha2_manifest.go b/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_workspace_v1alpha2_manifest.go index b841feb1d..04e490ab6 100644 --- a/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_workspace_v1alpha2_manifest.go +++ b/internal/provider/app_terraform_io_v1alpha2/app_terraform_io_workspace_v1alpha2_manifest.go @@ -239,8 +239,8 @@ func (r *AppTerraformIoWorkspaceV1Alpha2Manifest) Schema(_ context.Context, _ da MarkdownDescription: "WorkspaceSpec defines the desired state of Workspace.", Attributes: map[string]schema.Attribute{ "agent_pool": schema.SingleNestedAttribute{ - Description: "Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents", - MarkdownDescription: "Terraform Cloud Agents allow Terraform Cloud to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents", + Description: "HCP Terraform Agents allow HCP Terraform to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents", + MarkdownDescription: "HCP Terraform Agents allow HCP Terraform to communicate with isolated, private, or on-premises infrastructure.More information: - https://developer.hashicorp.com/terraform/cloud-docs/agents", Attributes: map[string]schema.Attribute{ "id": schema.StringAttribute{ Description: "Agent Pool ID.Must match pattern: '^apool-[a-zA-Z0-9]+$'", @@ -462,8 +462,8 @@ func (r *AppTerraformIoWorkspaceV1Alpha2Manifest) Schema(_ context.Context, _ da NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "email_addresses": schema.ListAttribute{ - Description: "The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in Terraform Cloud.", - MarkdownDescription: "The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in Terraform Cloud.", + Description: "The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in HCP Terraform.", + MarkdownDescription: "The list of email addresses that will receive notification emails.It is only available for Terraform Enterprise users. It is not available in HCP Terraform.", ElementType: types.StringType, Required: false, Optional: true, @@ -589,8 +589,8 @@ func (r *AppTerraformIoWorkspaceV1Alpha2Manifest) Schema(_ context.Context, _ da }, "remote_state_sharing": schema.SingleNestedAttribute{ - Description: "Remote state access between workspaces.By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces", - MarkdownDescription: "Remote state access between workspaces.By default, new workspaces in Terraform Cloud do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces", + Description: "Remote state access between workspaces.By default, new workspaces in HCP Terraform do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces", + MarkdownDescription: "Remote state access between workspaces.By default, new workspaces in HCP Terraform do not allow other workspaces to access their state.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/state#accessing-state-from-other-workspaces", Attributes: map[string]schema.Attribute{ "all_workspaces": schema.BoolAttribute{ Description: "Allow access to the state for all workspaces within the same organization.Default: 'false'.", @@ -639,8 +639,8 @@ func (r *AppTerraformIoWorkspaceV1Alpha2Manifest) Schema(_ context.Context, _ da }, "run_tasks": schema.ListNestedAttribute{ - Description: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks", - MarkdownDescription: "Run tasks allow Terraform Cloud to interact with external systems at specific points in the Terraform Cloud run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks", + Description: "Run tasks allow HCP Terraform to interact with external systems at specific points in the HCP Terraform run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks", + MarkdownDescription: "Run tasks allow HCP Terraform to interact with external systems at specific points in the HCP Terraform run lifecycle.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/run-tasks", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "enforcement_level": schema.StringAttribute{ @@ -767,8 +767,8 @@ func (r *AppTerraformIoWorkspaceV1Alpha2Manifest) Schema(_ context.Context, _ da }, "team_access": schema.ListNestedAttribute{ - Description: "Terraform Cloud workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access", - MarkdownDescription: "Terraform Cloud workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access", + Description: "HCP Terraform workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access", + MarkdownDescription: "HCP Terraform workspaces can only be accessed by users with the correct permissions.You can manage permissions for a workspace on a per-team basis.When a workspace is created, only the owners team and teams with the 'manage workspaces' permission can access it,with full admin permissions. These teams' access can't be removed from a workspace.More information: - https://developer.hashicorp.com/terraform/cloud-docs/workspaces/settings/access", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "access": schema.StringAttribute{ diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.go index b05805eb3..15612afc2 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest.go @@ -1367,10 +1367,10 @@ func (r *AppsKubeblocksIoBackupPolicyTemplateV1Alpha1Manifest) Schema(_ context. }, "cluster_definition_ref": schema.StringAttribute{ - Description: "Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation.", - MarkdownDescription: "Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation.", - Required: true, - Optional: false, + Description: "Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation. And this field is deprecated since v0.9, consider using the ComponentDef instead.", + MarkdownDescription: "Specifies the name of a ClusterDefinition. This is an immutable attribute that cannot be changed after creation. And this field is deprecated since v0.9, consider using the ComponentDef instead.", + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go index dfbb8164e..1e9d635f9 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_definition_v1alpha1_manifest.go @@ -1950,8 +1950,8 @@ func (r *AppsKubeblocksIoClusterDefinitionV1Alpha1Manifest) Schema(_ context.Con "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), @@ -11377,8 +11377,8 @@ func (r *AppsKubeblocksIoClusterDefinitionV1Alpha1Manifest) Schema(_ context.Con "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go index 2baff67fc..326b26501 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_v1alpha1_manifest.go @@ -70,10 +70,23 @@ type AppsKubeblocksIoClusterV1Alpha1ManifestData struct { Tenancy *string `tfsdk:"tenancy" json:"tenancy,omitempty"` TopologyKeys *[]string `tfsdk:"topology_keys" json:"topologyKeys,omitempty"` } `tfsdk:"affinity" json:"affinity,omitempty"` - ComponentDef *string `tfsdk:"component_def" json:"componentDef,omitempty"` - ComponentDefRef *string `tfsdk:"component_def_ref" json:"componentDefRef,omitempty"` - EnabledLogs *[]string `tfsdk:"enabled_logs" json:"enabledLogs,omitempty"` - Instances *[]struct { + ComponentDef *string `tfsdk:"component_def" json:"componentDef,omitempty"` + ComponentDefRef *string `tfsdk:"component_def_ref" json:"componentDefRef,omitempty"` + Configs *[]struct { + ConfigMap *struct { + DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` + Items *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Mode *int64 `tfsdk:"mode" json:"mode,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + } `tfsdk:"items" json:"items,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"configs" json:"configs,omitempty"` + EnabledLogs *[]string `tfsdk:"enabled_logs" json:"enabledLogs,omitempty"` + Instances *[]struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` Env *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -869,10 +882,23 @@ type AppsKubeblocksIoClusterV1Alpha1ManifestData struct { Tenancy *string `tfsdk:"tenancy" json:"tenancy,omitempty"` TopologyKeys *[]string `tfsdk:"topology_keys" json:"topologyKeys,omitempty"` } `tfsdk:"affinity" json:"affinity,omitempty"` - ComponentDef *string `tfsdk:"component_def" json:"componentDef,omitempty"` - ComponentDefRef *string `tfsdk:"component_def_ref" json:"componentDefRef,omitempty"` - EnabledLogs *[]string `tfsdk:"enabled_logs" json:"enabledLogs,omitempty"` - Instances *[]struct { + ComponentDef *string `tfsdk:"component_def" json:"componentDef,omitempty"` + ComponentDefRef *string `tfsdk:"component_def_ref" json:"componentDefRef,omitempty"` + Configs *[]struct { + ConfigMap *struct { + DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` + Items *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Mode *int64 `tfsdk:"mode" json:"mode,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + } `tfsdk:"items" json:"items,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"configs" json:"configs,omitempty"` + EnabledLogs *[]string `tfsdk:"enabled_logs" json:"enabledLogs,omitempty"` + Instances *[]struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` Env *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -1814,6 +1840,93 @@ func (r *AppsKubeblocksIoClusterV1Alpha1Manifest) Schema(_ context.Context, _ da }, }, + "configs": schema.ListNestedAttribute{ + Description: "", + MarkdownDescription: "", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap source for the config.", + MarkdownDescription: "ConfigMap source for the config.", + Attributes: map[string]schema.Attribute{ + "default_mode": schema.Int64Attribute{ + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + Required: false, + Optional: true, + Computed: false, + }, + + "items": schema.ListNestedAttribute{ + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the key to project.", + MarkdownDescription: "key is the key to project.", + Required: true, + Optional: false, + Computed: false, + }, + + "mode": schema.Int64Attribute{ + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + Required: true, + Optional: false, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "optional specify whether the ConfigMap or its keys must be defined", + MarkdownDescription: "optional specify whether the ConfigMap or its keys must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "The name of the config.", + MarkdownDescription: "The name of the config.", + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "enabled_logs": schema.ListAttribute{ Description: "Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log '''", MarkdownDescription: "Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log '''", @@ -7241,6 +7354,93 @@ func (r *AppsKubeblocksIoClusterV1Alpha1Manifest) Schema(_ context.Context, _ da }, }, + "configs": schema.ListNestedAttribute{ + Description: "", + MarkdownDescription: "", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap source for the config.", + MarkdownDescription: "ConfigMap source for the config.", + Attributes: map[string]schema.Attribute{ + "default_mode": schema.Int64Attribute{ + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + Required: false, + Optional: true, + Computed: false, + }, + + "items": schema.ListNestedAttribute{ + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the key to project.", + MarkdownDescription: "key is the key to project.", + Required: true, + Optional: false, + Computed: false, + }, + + "mode": schema.Int64Attribute{ + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + Required: true, + Optional: false, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "optional specify whether the ConfigMap or its keys must be defined", + MarkdownDescription: "optional specify whether the ConfigMap or its keys must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "The name of the config.", + MarkdownDescription: "The name of the config.", + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "enabled_logs": schema.ListAttribute{ Description: "Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log '''", MarkdownDescription: "Specifies which types of logs should be collected for the Component. The log types are defined in the 'componentDefinition.spec.logConfigs' field with the LogConfig entries. The elements in the 'enabledLogs' array correspond to the names of the LogConfig entries. For example, if the 'componentDefinition.spec.logConfigs' defines LogConfig entries with names 'slow_query_log' and 'error_log', you can enable the collection of these logs by including their names in the 'enabledLogs' array: '''yaml enabledLogs: - slow_query_log - error_log '''", diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.go index 42d29d2d0..df7ab0d13 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_cluster_version_v1alpha1_manifest.go @@ -308,8 +308,8 @@ func (r *AppsKubeblocksIoClusterVersionV1Alpha1Manifest) Schema(_ context.Contex "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go index 637c6e961..803fddb37 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_definition_v1alpha1_manifest.go @@ -2376,8 +2376,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C }, "configs": schema.ListNestedAttribute{ - Description: "Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable. TODO: support referencing configs from other components or clusters.", - MarkdownDescription: "Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable. TODO: support referencing configs from other components or clusters.", + Description: "Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable.", + MarkdownDescription: "Specifies the configuration file templates and volume mount parameters used by the Component. It also includes descriptions of the parameters in the ConfigMaps, such as value range limitations. This field specifies a list of templates that will be rendered into Component containers' configuration files. Each template is represented as a ConfigMap and may contain multiple configuration files, with each file being a key in the ConfigMap. The rendered configuration files will be mounted into the Component's containers according to the specified volume mount parameters. This field is immutable.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "as_env_from": schema.ListAttribute{ @@ -2507,8 +2507,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), @@ -15885,8 +15885,8 @@ func (r *AppsKubeblocksIoComponentDefinitionV1Alpha1Manifest) Schema(_ context.C "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_v1alpha1_manifest.go index 4db828c46..d790dfd88 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_component_v1alpha1_manifest.go @@ -53,21 +53,17 @@ type AppsKubeblocksIoComponentV1Alpha1ManifestData struct { } `tfsdk:"affinity" json:"affinity,omitempty"` CompDef *string `tfsdk:"comp_def" json:"compDef,omitempty"` Configs *[]struct { - AsEnvFrom *[]string `tfsdk:"as_env_from" json:"asEnvFrom,omitempty"` - ConstraintRef *string `tfsdk:"constraint_ref" json:"constraintRef,omitempty"` - DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` - InjectEnvTo *[]string `tfsdk:"inject_env_to" json:"injectEnvTo,omitempty"` - Keys *[]string `tfsdk:"keys" json:"keys,omitempty"` - LegacyRenderedConfigSpec *struct { - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - Policy *string `tfsdk:"policy" json:"policy,omitempty"` - TemplateRef *string `tfsdk:"template_ref" json:"templateRef,omitempty"` - } `tfsdk:"legacy_rendered_config_spec" json:"legacyRenderedConfigSpec,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - ReRenderResourceTypes *[]string `tfsdk:"re_render_resource_types" json:"reRenderResourceTypes,omitempty"` - TemplateRef *string `tfsdk:"template_ref" json:"templateRef,omitempty"` - VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` + ConfigMap *struct { + DefaultMode *int64 `tfsdk:"default_mode" json:"defaultMode,omitempty"` + Items *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Mode *int64 `tfsdk:"mode" json:"mode,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + } `tfsdk:"items" json:"items,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"configs" json:"configs,omitempty"` EnabledLogs *[]string `tfsdk:"enabled_logs" json:"enabledLogs,omitempty"` Instances *[]struct { @@ -837,94 +833,71 @@ func (r *AppsKubeblocksIoComponentV1Alpha1Manifest) Schema(_ context.Context, _ }, "configs": schema.ListNestedAttribute{ - Description: "Reserved field for future use.", - MarkdownDescription: "Reserved field for future use.", + Description: "", + MarkdownDescription: "", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ - "as_env_from": schema.ListAttribute{ - Description: "Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image. Deprecated: 'asEnvFrom' has been deprecated since 0.9.0 and will be removed in 0.10.0. Use 'injectEnvTo' instead.", - MarkdownDescription: "Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image. Deprecated: 'asEnvFrom' has been deprecated since 0.9.0 and will be removed in 0.10.0. Use 'injectEnvTo' instead.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "constraint_ref": schema.StringAttribute{ - Description: "Specifies the name of the referenced configuration constraints object.", - MarkdownDescription: "Specifies the name of the referenced configuration constraints object.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), - }, - }, - - "default_mode": schema.Int64Attribute{ - Description: "Deprecated: DefaultMode is deprecated since 0.9.0 and will be removed in 0.10.0 for scripts, auto set 0555 for configs, auto set 0444 Refers to the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - MarkdownDescription: "Deprecated: DefaultMode is deprecated since 0.9.0 and will be removed in 0.10.0 for scripts, auto set 0555 for configs, auto set 0444 Refers to the mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", - Required: false, - Optional: true, - Computed: false, - }, - - "inject_env_to": schema.ListAttribute{ - Description: "Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image.", - MarkdownDescription: "Specifies the containers to inject the ConfigMap parameters as environment variables. This is useful when application images accept parameters through environment variables and generate the final configuration file in the startup script based on these variables. This field allows users to specify a list of container names, and KubeBlocks will inject the environment variables converted from the ConfigMap into these designated containers. This provides a flexible way to pass the configuration items from the ConfigMap to the container without modifying the image.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "keys": schema.ListAttribute{ - Description: "Specifies the configuration files within the ConfigMap that support dynamic updates. A configuration template (provided in the form of a ConfigMap) may contain templates for multiple configuration files. Each configuration file corresponds to a key in the ConfigMap. Some of these configuration files may support dynamic modification and reloading without requiring a pod restart. If empty or omitted, all configuration files in the ConfigMap are assumed to support dynamic updates, and ConfigConstraint applies to all keys.", - MarkdownDescription: "Specifies the configuration files within the ConfigMap that support dynamic updates. A configuration template (provided in the form of a ConfigMap) may contain templates for multiple configuration files. Each configuration file corresponds to a key in the ConfigMap. Some of these configuration files may support dynamic modification and reloading without requiring a pod restart. If empty or omitted, all configuration files in the ConfigMap are assumed to support dynamic updates, and ConfigConstraint applies to all keys.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "legacy_rendered_config_spec": schema.SingleNestedAttribute{ - Description: "Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'.", - MarkdownDescription: "Specifies the secondary rendered config spec for pod-specific customization. The template is rendered inside the pod (by the 'config-manager' sidecar container) and merged with the main template's render result to generate the final configuration file. This field is intended to handle scenarios where different pods within the same Component have varying configurations. It allows for pod-specific customization of the configuration. Note: This field will be deprecated in future versions, and the functionality will be moved to 'cluster.spec.componentSpecs[*].instances[*]'.", + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap source for the config.", + MarkdownDescription: "ConfigMap source for the config.", Attributes: map[string]schema.Attribute{ - "namespace": schema.StringAttribute{ - Description: "Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace.", - MarkdownDescription: "Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace.", + "default_mode": schema.Int64Attribute{ + Description: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "defaultMode is optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + + "items": schema.ListNestedAttribute{ + Description: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + MarkdownDescription: "items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the key to project.", + MarkdownDescription: "key is the key to project.", + Required: true, + Optional: false, + Computed: false, + }, + + "mode": schema.Int64Attribute{ + Description: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + MarkdownDescription: "mode is Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + MarkdownDescription: "path is the relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'.", + Required: true, + Optional: false, + Computed: false, + }, + }, }, + Required: false, + Optional: true, + Computed: false, }, - "policy": schema.StringAttribute{ - Description: "Defines the strategy for merging externally imported templates into component templates.", - MarkdownDescription: "Defines the strategy for merging externally imported templates into component templates.", + "name": schema.StringAttribute{ + Description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?", Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("patch", "replace", "none"), - }, }, - "template_ref": schema.StringAttribute{ - Description: "Specifies the name of the referenced configuration template ConfigMap object.", - MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + "optional": schema.BoolAttribute{ + Description: "optional specify whether the ConfigMap or its keys must be defined", + MarkdownDescription: "optional specify whether the ConfigMap or its keys must be defined", + Required: false, + Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), - }, }, }, Required: false, @@ -933,61 +906,12 @@ func (r *AppsKubeblocksIoComponentV1Alpha1Manifest) Schema(_ context.Context, _ }, "name": schema.StringAttribute{ - Description: "Specifies the name of the configuration template.", - MarkdownDescription: "Specifies the name of the configuration template.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), - }, - }, - - "namespace": schema.StringAttribute{ - Description: "Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace.", - MarkdownDescription: "Specifies the namespace of the referenced configuration template ConfigMap object. An empty namespace is equivalent to the 'default' namespace.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), - }, - }, - - "re_render_resource_types": schema.ListAttribute{ - Description: "Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation.", - MarkdownDescription: "Specifies whether the configuration needs to be re-rendered after v-scale or h-scale operations to reflect changes. In some scenarios, the configuration may need to be updated to reflect the changes in resource allocation or cluster topology. Examples: - Redis: adjust maxmemory after v-scale operation. - MySQL: increase max connections after v-scale operation. - Zookeeper: update zoo.cfg with new node addresses after h-scale operation.", - ElementType: types.StringType, + Description: "The name of the config.", + MarkdownDescription: "The name of the config.", Required: false, Optional: true, Computed: false, }, - - "template_ref": schema.StringAttribute{ - Description: "Specifies the name of the referenced configuration template ConfigMap object.", - MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), - }, - }, - - "volume_name": schema.StringAttribute{ - Description: "Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts.", - MarkdownDescription: "Refers to the volume name of PodTemplate. The configuration file produced through the configuration template will be mounted to the corresponding volume. Must be a DNS_LABEL name. The volume name must be defined in podSpec.containers[*].volumeMounts.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z]([a-z0-9\-]*[a-z0-9])?$`), ""), - }, - }, }, }, Required: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.go index 7ae81bb8a..59c54b48b 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_config_constraint_v1alpha1_manifest.go @@ -63,13 +63,16 @@ type AppsKubeblocksIoConfigConstraintV1Alpha1ManifestData struct { Resource *string `tfsdk:"resource" json:"resource,omitempty"` } `tfsdk:"resource_field_ref" json:"resourceFieldRef,omitempty"` } `tfsdk:"items" json:"items,omitempty"` - MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` + MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ScriptConfig *struct { + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` + } `tfsdk:"script_config" json:"scriptConfig,omitempty"` } `tfsdk:"downward_api_options" json:"downwardAPIOptions,omitempty"` - DynamicActionCanBeMerged *bool `tfsdk:"dynamic_action_can_be_merged" json:"dynamicActionCanBeMerged,omitempty"` - DynamicParameterSelectedPolicy *string `tfsdk:"dynamic_parameter_selected_policy" json:"dynamicParameterSelectedPolicy,omitempty"` - DynamicParameters *[]string `tfsdk:"dynamic_parameters" json:"dynamicParameters,omitempty"` - FormatterConfig *struct { + DynamicActionCanBeMerged *bool `tfsdk:"dynamic_action_can_be_merged" json:"dynamicActionCanBeMerged,omitempty"` + DynamicParameters *[]string `tfsdk:"dynamic_parameters" json:"dynamicParameters,omitempty"` + FormatterConfig *struct { Format *string `tfsdk:"format" json:"format,omitempty"` IniConfig *struct { SectionName *string `tfsdk:"section_name" json:"sectionName,omitempty"` @@ -81,10 +84,23 @@ type AppsKubeblocksIoConfigConstraintV1Alpha1ManifestData struct { ProcessName *string `tfsdk:"process_name" json:"processName,omitempty"` } `tfsdk:"auto_trigger" json:"autoTrigger,omitempty"` ShellTrigger *struct { - BatchParametersTemplate *string `tfsdk:"batch_parameters_template" json:"batchParametersTemplate,omitempty"` - BatchReload *bool `tfsdk:"batch_reload" json:"batchReload,omitempty"` - Command *[]string `tfsdk:"command" json:"command,omitempty"` - Sync *bool `tfsdk:"sync" json:"sync,omitempty"` + BatchParamsFormatterTemplate *string `tfsdk:"batch_params_formatter_template" json:"batchParamsFormatterTemplate,omitempty"` + BatchReload *bool `tfsdk:"batch_reload" json:"batchReload,omitempty"` + Command *[]string `tfsdk:"command" json:"command,omitempty"` + ScriptConfig *struct { + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` + } `tfsdk:"script_config" json:"scriptConfig,omitempty"` + Sync *bool `tfsdk:"sync" json:"sync,omitempty"` + ToolsSetup *struct { + MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` + ToolConfigs *[]struct { + AsContainerImage *bool `tfsdk:"as_container_image" json:"asContainerImage,omitempty"` + Command *[]string `tfsdk:"command" json:"command,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"tool_configs" json:"toolConfigs,omitempty"` + } `tfsdk:"tools_setup" json:"toolsSetup,omitempty"` } `tfsdk:"shell_trigger" json:"shellTrigger,omitempty"` TplScriptTrigger *struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` @@ -96,7 +112,8 @@ type AppsKubeblocksIoConfigConstraintV1Alpha1ManifestData struct { Signal *string `tfsdk:"signal" json:"signal,omitempty"` } `tfsdk:"unix_signal_trigger" json:"unixSignalTrigger,omitempty"` } `tfsdk:"reload_options" json:"reloadOptions,omitempty"` - ScriptConfigs *[]struct { + ReloadStaticParamsBeforeRestart *bool `tfsdk:"reload_static_params_before_restart" json:"reloadStaticParamsBeforeRestart,omitempty"` + ScriptConfigs *[]struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` } `tfsdk:"script_configs" json:"scriptConfigs,omitempty"` @@ -341,6 +358,35 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), }, }, + + "script_config": schema.SingleNestedAttribute{ + Description: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations.", + MarkdownDescription: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations.", + Attributes: map[string]schema.Attribute{ + "namespace": schema.StringAttribute{ + Description: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + MarkdownDescription: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + + "script_config_map_ref": schema.StringAttribute{ + Description: "Specifies the reference to the ConfigMap containing the scripts.", + MarkdownDescription: "Specifies the reference to the ConfigMap containing the scripts.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, }, }, Required: false, @@ -356,17 +402,6 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont Computed: false, }, - "dynamic_parameter_selected_policy": schema.StringAttribute{ - Description: "Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", - MarkdownDescription: "Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("all", "dynamic"), - }, - }, - "dynamic_parameters": schema.ListAttribute{ Description: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", MarkdownDescription: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", @@ -447,9 +482,9 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont Description: "Allows to execute a custom shell script to reload the process.", MarkdownDescription: "Allows to execute a custom shell script to reload the process.", Attributes: map[string]schema.Attribute{ - "batch_parameters_template": schema.StringAttribute{ - Description: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", - MarkdownDescription: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", + "batch_params_formatter_template": schema.StringAttribute{ + Description: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", + MarkdownDescription: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", Required: false, Optional: true, Computed: false, @@ -472,6 +507,35 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont Computed: false, }, + "script_config": schema.SingleNestedAttribute{ + Description: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload.", + MarkdownDescription: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload.", + Attributes: map[string]schema.Attribute{ + "namespace": schema.StringAttribute{ + Description: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + MarkdownDescription: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + + "script_config_map_ref": schema.StringAttribute{ + Description: "Specifies the reference to the ConfigMap containing the scripts.", + MarkdownDescription: "Specifies the reference to the ConfigMap containing the scripts.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "sync": schema.BoolAttribute{ Description: "Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion.", MarkdownDescription: "Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion.", @@ -479,6 +543,74 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont Optional: true, Computed: false, }, + + "tools_setup": schema.SingleNestedAttribute{ + Description: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", + MarkdownDescription: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", + Attributes: map[string]schema.Attribute{ + "mount_point": schema.StringAttribute{ + Description: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", + MarkdownDescription: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(128), + }, + }, + + "tool_configs": schema.ListNestedAttribute{ + Description: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", + MarkdownDescription: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "as_container_image": schema.BoolAttribute{ + Description: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + MarkdownDescription: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + Required: false, + Optional: true, + Computed: false, + }, + + "command": schema.ListAttribute{ + Description: "Specifies the command to be executed by the init container.", + MarkdownDescription: "Specifies the command to be executed by the init container.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "image": schema.StringAttribute{ + Description: "Specifies the tool container image.", + MarkdownDescription: "Specifies the tool container image.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Specifies the name of the init container.", + MarkdownDescription: "Specifies the name of the init container.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, }, Required: false, Optional: true, @@ -555,6 +687,14 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont Computed: false, }, + "reload_static_params_before_restart": schema.BoolAttribute{ + Description: "Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", + MarkdownDescription: "Configures whether the dynamic reload specified in 'reloadOptions' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", + Required: false, + Optional: true, + Computed: false, + }, + "script_configs": schema.ListNestedAttribute{ Description: "A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations.", MarkdownDescription: "A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations.", @@ -670,8 +810,8 @@ func (r *AppsKubeblocksIoConfigConstraintV1Alpha1Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "as_container_image": schema.BoolAttribute{ - Description: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", - MarkdownDescription: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + Description: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + MarkdownDescription: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go index 7b245c052..00a38c9b9 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_configuration_v1alpha1_manifest.go @@ -335,8 +335,8 @@ func (r *AppsKubeblocksIoConfigurationV1Alpha1Manifest) Schema(_ context.Context "template_ref": schema.StringAttribute{ Description: "Specifies the name of the referenced configuration template ConfigMap object.", MarkdownDescription: "Specifies the name of the referenced configuration template ConfigMap object.", - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, Validators: []validator.String{ stringvalidator.LengthAtMost(63), diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.go index 3ba10327d..26f1422f6 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_definition_v1alpha1_manifest.go @@ -45,10 +45,10 @@ type AppsKubeblocksIoOpsDefinitionV1Alpha1ManifestData struct { Spec *struct { Actions *[]struct { Exec *struct { - BackoffLimit *int64 `tfsdk:"backoff_limit" json:"backoffLimit,omitempty"` - Command *[]string `tfsdk:"command" json:"command,omitempty"` - ContainerName *string `tfsdk:"container_name" json:"containerName,omitempty"` - TargetPodTemplate *string `tfsdk:"target_pod_template" json:"targetPodTemplate,omitempty"` + BackoffLimit *int64 `tfsdk:"backoff_limit" json:"backoffLimit,omitempty"` + Command *[]string `tfsdk:"command" json:"command,omitempty"` + ContainerName *string `tfsdk:"container_name" json:"containerName,omitempty"` + PodInfoExtractorName *string `tfsdk:"pod_info_extractor_name" json:"podInfoExtractorName,omitempty"` } `tfsdk:"exec" json:"exec,omitempty"` FailurePolicy *string `tfsdk:"failure_policy" json:"failurePolicy,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` @@ -75,8 +75,9 @@ type AppsKubeblocksIoOpsDefinitionV1Alpha1ManifestData struct { } `tfsdk:"resource" json:"resource,omitempty"` } `tfsdk:"resource_modifier" json:"resourceModifier,omitempty"` Workload *struct { - BackoffLimit *int64 `tfsdk:"backoff_limit" json:"backoffLimit,omitempty"` - PodSpec *struct { + BackoffLimit *int64 `tfsdk:"backoff_limit" json:"backoffLimit,omitempty"` + PodInfoExtractorName *string `tfsdk:"pod_info_extractor_name" json:"podInfoExtractorName,omitempty"` + PodSpec *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` Affinity *struct { NodeAffinity *struct { @@ -1314,41 +1315,36 @@ type AppsKubeblocksIoOpsDefinitionV1Alpha1ManifestData struct { } `tfsdk:"vsphere_volume" json:"vsphereVolume,omitempty"` } `tfsdk:"volumes" json:"volumes,omitempty"` } `tfsdk:"pod_spec" json:"podSpec,omitempty"` - TargetPodTemplate *string `tfsdk:"target_pod_template" json:"targetPodTemplate,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"workload" json:"workload,omitempty"` } `tfsdk:"actions" json:"actions,omitempty"` - ComponentDefinitionRefs *[]struct { - AccountName *string `tfsdk:"account_name" json:"accountName,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ServiceName *string `tfsdk:"service_name" json:"serviceName,omitempty"` - } `tfsdk:"component_definition_refs" json:"componentDefinitionRefs,omitempty"` + ComponentInfos *[]struct { + AccountName *string `tfsdk:"account_name" json:"accountName,omitempty"` + ComponentDefinitionName *string `tfsdk:"component_definition_name" json:"componentDefinitionName,omitempty"` + ServiceName *string `tfsdk:"service_name" json:"serviceName,omitempty"` + } `tfsdk:"component_infos" json:"componentInfos,omitempty"` ParametersSchema *struct { OpenAPIV3Schema *map[string]string `tfsdk:"open_apiv3_schema" json:"openAPIV3Schema,omitempty"` } `tfsdk:"parameters_schema" json:"parametersSchema,omitempty"` - PreConditions *[]struct { - Rule *struct { - Expression *string `tfsdk:"expression" json:"expression,omitempty"` - Message *string `tfsdk:"message" json:"message,omitempty"` - } `tfsdk:"rule" json:"rule,omitempty"` - } `tfsdk:"pre_conditions" json:"preConditions,omitempty"` - TargetPodTemplates *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - PodSelector *struct { - Availability *string `tfsdk:"availability" json:"availability,omitempty"` - Role *string `tfsdk:"role" json:"role,omitempty"` - SelectionPolicy *string `tfsdk:"selection_policy" json:"selectionPolicy,omitempty"` - } `tfsdk:"pod_selector" json:"podSelector,omitempty"` - Vars *[]struct { + PodInfoExtractors *[]struct { + Env *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` ValueFrom *struct { EnvRef *struct { - ContainerName *string `tfsdk:"container_name" json:"containerName,omitempty"` - EnvName *string `tfsdk:"env_name" json:"envName,omitempty"` + EnvName *string `tfsdk:"env_name" json:"envName,omitempty"` + TargetContainerName *string `tfsdk:"target_container_name" json:"targetContainerName,omitempty"` } `tfsdk:"env_ref" json:"envRef,omitempty"` - FieldPath *string `tfsdk:"field_path" json:"fieldPath,omitempty"` + FieldPath *struct { + ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` + FieldPath *string `tfsdk:"field_path" json:"fieldPath,omitempty"` + } `tfsdk:"field_path" json:"fieldPath,omitempty"` } `tfsdk:"value_from" json:"valueFrom,omitempty"` - } `tfsdk:"vars" json:"vars,omitempty"` + } `tfsdk:"env" json:"env,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + PodSelector *struct { + MultiPodSelectionPolicy *string `tfsdk:"multi_pod_selection_policy" json:"multiPodSelectionPolicy,omitempty"` + Role *string `tfsdk:"role" json:"role,omitempty"` + } `tfsdk:"pod_selector" json:"podSelector,omitempty"` VolumeMounts *[]struct { MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` @@ -1357,7 +1353,13 @@ type AppsKubeblocksIoOpsDefinitionV1Alpha1ManifestData struct { SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` - } `tfsdk:"target_pod_templates" json:"targetPodTemplates,omitempty"` + } `tfsdk:"pod_info_extractors" json:"podInfoExtractors,omitempty"` + PreConditions *[]struct { + Rule *struct { + Expression *string `tfsdk:"expression" json:"expression,omitempty"` + Message *string `tfsdk:"message" json:"message,omitempty"` + } `tfsdk:"rule" json:"rule,omitempty"` + } `tfsdk:"pre_conditions" json:"preConditions,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } @@ -1463,9 +1465,9 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "target_pod_template": schema.StringAttribute{ - Description: "Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'.", - MarkdownDescription: "Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'.", + "pod_info_extractor_name": schema.StringAttribute{ + Description: "Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'.", + MarkdownDescription: "Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'.", Required: true, Optional: false, Computed: false, @@ -1666,6 +1668,14 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context }, }, + "pod_info_extractor_name": schema.StringAttribute{ + Description: "Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'.", + MarkdownDescription: "Specifies a PodInfoExtractor defined in the 'opsDefinition.spec.podInfoExtractors'.", + Required: false, + Optional: true, + Computed: false, + }, + "pod_spec": schema.SingleNestedAttribute{ Description: "Specifies the PodSpec of the 'workload' action.", MarkdownDescription: "Specifies the PodSpec of the 'workload' action.", @@ -9950,14 +9960,6 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "target_pod_template": schema.StringAttribute{ - Description: "Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'.", - MarkdownDescription: "Specifies a TargetPodTemplate defined in the 'opsDefinition.spec.targetPodTemplates'.", - Required: false, - Optional: true, - Computed: false, - }, - "type": schema.StringAttribute{ Description: "Defines the workload type of the action. Valid values include 'Job' and 'Pod'. - 'Job': Creates a Job to execute the action. - 'Pod': Creates a Pod to execute the action. Note: unlike Jobs, manually deleting a Pod does not affect the 'backoffLimit'.", MarkdownDescription: "Defines the workload type of the action. Valid values include 'Job' and 'Pod'. - 'Job': Creates a Job to execute the action. - 'Pod': Creates a Pod to execute the action. Note: unlike Jobs, manually deleting a Pod does not affect the 'backoffLimit'.", @@ -9980,7 +9982,7 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "component_definition_refs": schema.ListNestedAttribute{ + "component_infos": schema.ListNestedAttribute{ Description: "Specifies a list of ComponentDefinition for Components associated with this OpsDefinition. It also includes connection credentials (address and account) for each Component.", MarkdownDescription: "Specifies a list of ComponentDefinition for Components associated with this OpsDefinition. It also includes connection credentials (address and account) for each Component.", NestedObject: schema.NestedAttributeObject{ @@ -9993,7 +9995,7 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "name": schema.StringAttribute{ + "component_definition_name": schema.StringAttribute{ Description: "Specifies the name of the ComponentDefinition.", MarkdownDescription: "Specifies the name of the ComponentDefinition.", Required: true, @@ -10036,98 +10038,12 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, - "pre_conditions": schema.ListNestedAttribute{ - Description: "Specifies the preconditions that must be met to run the actions for the operation. if set, it will check the condition before the Component runs this operation. Example: '''yaml preConditions: - rule: expression: '{{ eq .component.status.phase 'Running' }}' message: Component is not in Running status. '''", - MarkdownDescription: "Specifies the preconditions that must be met to run the actions for the operation. if set, it will check the condition before the Component runs this operation. Example: '''yaml preConditions: - rule: expression: '{{ eq .component.status.phase 'Running' }}' message: Component is not in Running status. '''", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "rule": schema.SingleNestedAttribute{ - Description: "Specifies the conditions that must be met for the operation to execute.", - MarkdownDescription: "Specifies the conditions that must be met for the operation to execute.", - Attributes: map[string]schema.Attribute{ - "expression": schema.StringAttribute{ - Description: "Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object.", - MarkdownDescription: "Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object.", - Required: true, - Optional: false, - Computed: false, - }, - - "message": schema.StringAttribute{ - Description: "Specifies the error or status message reported if the 'expression' does not evaluate to 'true'.", - MarkdownDescription: "Specifies the error or status message reported if the 'expression' does not evaluate to 'true'.", - Required: true, - Optional: false, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "target_pod_templates": schema.ListNestedAttribute{ - Description: "Specifies a list of TargetPodTemplate, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'.", - MarkdownDescription: "Specifies a list of TargetPodTemplate, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'.", + "pod_info_extractors": schema.ListNestedAttribute{ + Description: "Specifies a list of PodInfoExtractor, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'.", + MarkdownDescription: "Specifies a list of PodInfoExtractor, each designed to select a specific Pod and extract selected runtime info from its PodSpec. The extracted information, such as environment variables, volumes and tolerations, are then injected into Jobs or Pods that execute the OpsActions defined in 'actions'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Specifies the name of the TargetPodTemplate.", - MarkdownDescription: "Specifies the name of the TargetPodTemplate.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(32), - }, - }, - - "pod_selector": schema.SingleNestedAttribute{ - Description: "Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec.", - MarkdownDescription: "Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec.", - Attributes: map[string]schema.Attribute{ - "availability": schema.StringAttribute{ - Description: "Specifies the pod selection criteria based on their availability: - 'Available': Only selects available pods, and terminates the action if none are found. - 'PreferredAvailable': Prioritizes available pods but considers others if none available. - 'None': No availability requirements.", - MarkdownDescription: "Specifies the pod selection criteria based on their availability: - 'Available': Only selects available pods, and terminates the action if none are found. - 'PreferredAvailable': Prioritizes available pods but considers others if none available. - 'None': No availability requirements.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("Available", "PreferredAvailable", "None"), - }, - }, - - "role": schema.StringAttribute{ - Description: "Specifies the role of the target Pod.", - MarkdownDescription: "Specifies the role of the target Pod.", - Required: false, - Optional: true, - Computed: false, - }, - - "selection_policy": schema.StringAttribute{ - Description: "Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector).", - MarkdownDescription: "Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector).", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("All", "Any"), - }, - }, - }, - Required: true, - Optional: false, - Computed: false, - }, - - "vars": schema.ListNestedAttribute{ + "env": schema.ListNestedAttribute{ Description: "Specifies a list of environment variables to be extracted from a selected Pod, and injected into the containers executing each OpsAction.", MarkdownDescription: "Specifies a list of environment variables to be extracted from a selected Pod, and injected into the containers executing each OpsAction.", NestedObject: schema.NestedAttributeObject{ @@ -10148,14 +10064,6 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Description: "Specifies a reference to a specific environment variable within a container. Used to specify the source of the variable, which can be either 'env' or 'envFrom'.", MarkdownDescription: "Specifies a reference to a specific environment variable within a container. Used to specify the source of the variable, which can be either 'env' or 'envFrom'.", Attributes: map[string]schema.Attribute{ - "container_name": schema.StringAttribute{ - Description: "Specifies the container name in the target Pod. If not specified, the first container will be used by default.", - MarkdownDescription: "Specifies the container name in the target Pod. If not specified, the first container will be used by default.", - Required: false, - Optional: true, - Computed: false, - }, - "env_name": schema.StringAttribute{ Description: "Defines the name of the environment variable. This name can originate from an 'env' entry or be a data key from an 'envFrom' source.", MarkdownDescription: "Defines the name of the environment variable. This name can originate from an 'env' entry or be a data key from an 'envFrom' source.", @@ -10163,18 +10071,43 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Optional: false, Computed: false, }, + + "target_container_name": schema.StringAttribute{ + Description: "Specifies the container name in the target Pod. If not specified, the first container will be used by default.", + MarkdownDescription: "Specifies the container name in the target Pod. If not specified, the first container will be used by default.", + Required: false, + Optional: true, + Computed: false, + }, }, Required: false, Optional: true, Computed: false, }, - "field_path": schema.StringAttribute{ + "field_path": schema.SingleNestedAttribute{ Description: "Represents the JSONPath expression pointing to the specific data within the JSON structure of the target Pod. It is used to extract precise data locations for operations on the Pod.", MarkdownDescription: "Represents the JSONPath expression pointing to the specific data within the JSON structure of the target Pod. It is used to extract precise data locations for operations on the Pod.", - Required: false, - Optional: true, - Computed: false, + Attributes: map[string]schema.Attribute{ + "api_version": schema.StringAttribute{ + Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", + MarkdownDescription: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", + Required: false, + Optional: true, + Computed: false, + }, + + "field_path": schema.StringAttribute{ + Description: "Path of the field to select in the specified API version.", + MarkdownDescription: "Path of the field to select in the specified API version.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, }, }, Required: true, @@ -10188,6 +10121,45 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Computed: false, }, + "name": schema.StringAttribute{ + Description: "Specifies the name of the PodInfoExtractor.", + MarkdownDescription: "Specifies the name of the PodInfoExtractor.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(32), + }, + }, + + "pod_selector": schema.SingleNestedAttribute{ + Description: "Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec.", + MarkdownDescription: "Used to select the target Pod from which environment variables and volumes are extracted from its PodSpec.", + Attributes: map[string]schema.Attribute{ + "multi_pod_selection_policy": schema.StringAttribute{ + Description: "Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector).", + MarkdownDescription: "Defines the policy for selecting the target pod when multiple pods match the podSelector. It can be either 'Any' (select any one pod that matches the podSelector) or 'All' (select all pods that match the podSelector).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("All", "Any"), + }, + }, + + "role": schema.StringAttribute{ + Description: "Specifies the role of the target Pod.", + MarkdownDescription: "Specifies the role of the target Pod.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: true, + Optional: false, + Computed: false, + }, + "volume_mounts": schema.ListNestedAttribute{ Description: "Specifies a list of volumes, along with their respective mount points, that are to be extracted from a selected Pod, and mounted onto the containers executing each OpsAction. This allows the containers to access shared or persistent data necessary for the operation.", MarkdownDescription: "Specifies a list of volumes, along with their respective mount points, that are to be extracted from a selected Pod, and mounted onto the containers executing each OpsAction. This allows the containers to access shared or persistent data necessary for the operation.", @@ -10252,6 +10224,42 @@ func (r *AppsKubeblocksIoOpsDefinitionV1Alpha1Manifest) Schema(_ context.Context Optional: true, Computed: false, }, + + "pre_conditions": schema.ListNestedAttribute{ + Description: "Specifies the preconditions that must be met to run the actions for the operation. if set, it will check the condition before the Component runs this operation. Example: '''yaml preConditions: - rule: expression: '{{ eq .component.status.phase 'Running' }}' message: Component is not in Running status. '''", + MarkdownDescription: "Specifies the preconditions that must be met to run the actions for the operation. if set, it will check the condition before the Component runs this operation. Example: '''yaml preConditions: - rule: expression: '{{ eq .component.status.phase 'Running' }}' message: Component is not in Running status. '''", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "rule": schema.SingleNestedAttribute{ + Description: "Specifies the conditions that must be met for the operation to execute.", + MarkdownDescription: "Specifies the conditions that must be met for the operation to execute.", + Attributes: map[string]schema.Attribute{ + "expression": schema.StringAttribute{ + Description: "Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object.", + MarkdownDescription: "Specifies a Go template expression that determines how the operation can be executed. The return value must be either 'true' or 'false'. Available built-in objects that can be referenced in the expression include: - 'params': Input parameters. - 'cluster': The referenced Cluster object. - 'component': The referenced Component object.", + Required: true, + Optional: false, + Computed: false, + }, + + "message": schema.StringAttribute{ + Description: "Specifies the error or status message reported if the 'expression' does not evaluate to 'true'.", + MarkdownDescription: "Specifies the error or status message reported if the 'expression' does not evaluate to 'true'.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, }, Required: false, Optional: true, diff --git a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_request_v1alpha1_manifest.go b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_request_v1alpha1_manifest.go index 1c949056c..edb2442db 100644 --- a/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_request_v1alpha1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1alpha1/apps_kubeblocks_io_ops_request_v1alpha1_manifest.go @@ -45,6 +45,14 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { + Backup *struct { + BackupMethod *string `tfsdk:"backup_method" json:"backupMethod,omitempty"` + BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` + BackupPolicyName *string `tfsdk:"backup_policy_name" json:"backupPolicyName,omitempty"` + DeletionPolicy *string `tfsdk:"deletion_policy" json:"deletionPolicy,omitempty"` + ParentBackupName *string `tfsdk:"parent_backup_name" json:"parentBackupName,omitempty"` + RetentionPeriod *string `tfsdk:"retention_period" json:"retentionPeriod,omitempty"` + } `tfsdk:"backup" json:"backup,omitempty"` BackupSpec *struct { BackupMethod *string `tfsdk:"backup_method" json:"backupMethod,omitempty"` BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` @@ -53,9 +61,10 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { ParentBackupName *string `tfsdk:"parent_backup_name" json:"parentBackupName,omitempty"` RetentionPeriod *string `tfsdk:"retention_period" json:"retentionPeriod,omitempty"` } `tfsdk:"backup_spec" json:"backupSpec,omitempty"` - Cancel *bool `tfsdk:"cancel" json:"cancel,omitempty"` - ClusterRef *string `tfsdk:"cluster_ref" json:"clusterRef,omitempty"` - CustomSpec *struct { + Cancel *bool `tfsdk:"cancel" json:"cancel,omitempty"` + ClusterName *string `tfsdk:"cluster_name" json:"clusterName,omitempty"` + ClusterRef *string `tfsdk:"cluster_ref" json:"clusterRef,omitempty"` + Custom *struct { Components *[]struct { ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` Parameters *[]struct { @@ -63,10 +72,10 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { Value *string `tfsdk:"value" json:"value,omitempty"` } `tfsdk:"parameters" json:"parameters,omitempty"` } `tfsdk:"components" json:"components,omitempty"` - OpsDefinitionRef *string `tfsdk:"ops_definition_ref" json:"opsDefinitionRef,omitempty"` - Parallelism *string `tfsdk:"parallelism" json:"parallelism,omitempty"` - ServiceAccountName *string `tfsdk:"service_account_name" json:"serviceAccountName,omitempty"` - } `tfsdk:"custom_spec" json:"customSpec,omitempty"` + MaxConcurrentComponents *string `tfsdk:"max_concurrent_components" json:"maxConcurrentComponents,omitempty"` + OpsDefinitionName *string `tfsdk:"ops_definition_name" json:"opsDefinitionName,omitempty"` + ServiceAccountName *string `tfsdk:"service_account_name" json:"serviceAccountName,omitempty"` + } `tfsdk:"custom" json:"custom,omitempty"` Expose *[]struct { ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` Services *[]struct { @@ -74,6 +83,7 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { IpFamilies *[]string `tfsdk:"ip_families" json:"ipFamilies,omitempty"` IpFamilyPolicy *string `tfsdk:"ip_family_policy" json:"ipFamilyPolicy,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` + PodSelector *map[string]string `tfsdk:"pod_selector" json:"podSelector,omitempty"` Ports *[]struct { AppProtocol *string `tfsdk:"app_protocol" json:"appProtocol,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` @@ -82,9 +92,8 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { Protocol *string `tfsdk:"protocol" json:"protocol,omitempty"` TargetPort *string `tfsdk:"target_port" json:"targetPort,omitempty"` } `tfsdk:"ports" json:"ports,omitempty"` - RoleSelector *string `tfsdk:"role_selector" json:"roleSelector,omitempty"` - Selector *map[string]string `tfsdk:"selector" json:"selector,omitempty"` - ServiceType *string `tfsdk:"service_type" json:"serviceType,omitempty"` + RoleSelector *string `tfsdk:"role_selector" json:"roleSelector,omitempty"` + ServiceType *string `tfsdk:"service_type" json:"serviceType,omitempty"` } `tfsdk:"services" json:"services,omitempty"` Switch *string `tfsdk:"switch" json:"switch,omitempty"` } `tfsdk:"expose" json:"expose,omitempty"` @@ -462,14 +471,15 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { OfflineInstances *[]string `tfsdk:"offline_instances" json:"offlineInstances,omitempty"` Replicas *int64 `tfsdk:"replicas" json:"replicas,omitempty"` } `tfsdk:"horizontal_scaling" json:"horizontalScaling,omitempty"` - RebuildFrom *[]struct { - BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` - ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` - EnvForRestore *map[string]string `tfsdk:"env_for_restore" json:"envForRestore,omitempty"` + PreConditionDeadlineSeconds *int64 `tfsdk:"pre_condition_deadline_seconds" json:"preConditionDeadlineSeconds,omitempty"` + RebuildFrom *[]struct { + BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` + ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` Instances *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` TargetNodeName *string `tfsdk:"target_node_name" json:"targetNodeName,omitempty"` } `tfsdk:"instances" json:"instances,omitempty"` + RestoreEnv *map[string]string `tfsdk:"restore_env" json:"restoreEnv,omitempty"` } `tfsdk:"rebuild_from" json:"rebuildFrom,omitempty"` Reconfigure *struct { ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` @@ -504,25 +514,16 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { Restart *[]struct { ComponentName *string `tfsdk:"component_name" json:"componentName,omitempty"` } `tfsdk:"restart" json:"restart,omitempty"` - RestoreFrom *struct { - Backup *[]struct { - Ref *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"ref" json:"ref,omitempty"` - } `tfsdk:"backup" json:"backup,omitempty"` - PointInTime *struct { - Ref *struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - } `tfsdk:"ref" json:"ref,omitempty"` - Time *string `tfsdk:"time" json:"time,omitempty"` - } `tfsdk:"point_in_time" json:"pointInTime,omitempty"` - } `tfsdk:"restore_from" json:"restoreFrom,omitempty"` + Restore *struct { + BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` + DeferPostReadyUntilClusterRunning *bool `tfsdk:"defer_post_ready_until_cluster_running" json:"deferPostReadyUntilClusterRunning,omitempty"` + RestorePointInTime *string `tfsdk:"restore_point_in_time" json:"restorePointInTime,omitempty"` + VolumeRestorePolicy *string `tfsdk:"volume_restore_policy" json:"volumeRestorePolicy,omitempty"` + } `tfsdk:"restore" json:"restore,omitempty"` RestoreSpec *struct { BackupName *string `tfsdk:"backup_name" json:"backupName,omitempty"` - DoReadyRestoreAfterClusterRunning *bool `tfsdk:"do_ready_restore_after_cluster_running" json:"doReadyRestoreAfterClusterRunning,omitempty"` - RestoreTimeStr *string `tfsdk:"restore_time_str" json:"restoreTimeStr,omitempty"` + DeferPostReadyUntilClusterRunning *bool `tfsdk:"defer_post_ready_until_cluster_running" json:"deferPostReadyUntilClusterRunning,omitempty"` + RestorePointInTime *string `tfsdk:"restore_point_in_time" json:"restorePointInTime,omitempty"` VolumeRestorePolicy *string `tfsdk:"volume_restore_policy" json:"volumeRestorePolicy,omitempty"` } `tfsdk:"restore_spec" json:"restoreSpec,omitempty"` ScriptSpec *struct { @@ -560,7 +561,6 @@ type AppsKubeblocksIoOpsRequestV1Alpha1ManifestData struct { InstanceName *string `tfsdk:"instance_name" json:"instanceName,omitempty"` } `tfsdk:"switchover" json:"switchover,omitempty"` TtlSecondsAfterSucceed *int64 `tfsdk:"ttl_seconds_after_succeed" json:"ttlSecondsAfterSucceed,omitempty"` - TtlSecondsBeforeAbort *int64 `tfsdk:"ttl_seconds_before_abort" json:"ttlSecondsBeforeAbort,omitempty"` Type *string `tfsdk:"type" json:"type,omitempty"` Upgrade *struct { ClusterVersionRef *string `tfsdk:"cluster_version_ref" json:"clusterVersionRef,omitempty"` @@ -660,7 +660,7 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Description: "OpsRequestSpec defines the desired state of OpsRequest", MarkdownDescription: "OpsRequestSpec defines the desired state of OpsRequest", Attributes: map[string]schema.Attribute{ - "backup_spec": schema.SingleNestedAttribute{ + "backup": schema.SingleNestedAttribute{ Description: "Specifies the parameters to backup a Cluster.", MarkdownDescription: "Specifies the parameters to backup a Cluster.", Attributes: map[string]schema.Attribute{ @@ -720,6 +720,66 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, + "backup_spec": schema.SingleNestedAttribute{ + Description: "Deprecated: since v0.9, use backup instead. Specifies the parameters to backup a Cluster.", + MarkdownDescription: "Deprecated: since v0.9, use backup instead. Specifies the parameters to backup a Cluster.", + Attributes: map[string]schema.Attribute{ + "backup_method": schema.StringAttribute{ + Description: "Specifies the name of BackupMethod. The specified BackupMethod must be defined in the BackupPolicy.", + MarkdownDescription: "Specifies the name of BackupMethod. The specified BackupMethod must be defined in the BackupPolicy.", + Required: false, + Optional: true, + Computed: false, + }, + + "backup_name": schema.StringAttribute{ + Description: "Specifies the name of the Backup custom resource.", + MarkdownDescription: "Specifies the name of the Backup custom resource.", + Required: false, + Optional: true, + Computed: false, + }, + + "backup_policy_name": schema.StringAttribute{ + Description: "Indicates the name of the BackupPolicy applied to perform this Backup.", + MarkdownDescription: "Indicates the name of the BackupPolicy applied to perform this Backup.", + Required: false, + Optional: true, + Computed: false, + }, + + "deletion_policy": schema.StringAttribute{ + Description: "Determines whether the backup contents stored in backup repository should be deleted when the Backup custom resource is deleted. Supported values are 'Retain' and 'Delete'. - 'Retain' means that the backup content and its physical snapshot on backup repository are kept. - 'Delete' means that the backup content and its physical snapshot on backup repository are deleted.", + MarkdownDescription: "Determines whether the backup contents stored in backup repository should be deleted when the Backup custom resource is deleted. Supported values are 'Retain' and 'Delete'. - 'Retain' means that the backup content and its physical snapshot on backup repository are kept. - 'Delete' means that the backup content and its physical snapshot on backup repository are deleted.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Delete", "Retain"), + }, + }, + + "parent_backup_name": schema.StringAttribute{ + Description: "If the specified BackupMethod is incremental, 'parentBackupName' is required.", + MarkdownDescription: "If the specified BackupMethod is incremental, 'parentBackupName' is required.", + Required: false, + Optional: true, + Computed: false, + }, + + "retention_period": schema.StringAttribute{ + Description: "Determines the duration for which the Backup custom resources should be retained. The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. For example, RetentionPeriod of '30d' will keep only the Backup objects of last 30 days. Sample duration format: - years: 2y - months: 6mo - days: 30d - hours: 12h - minutes: 30m You can also combine the above durations. For example: 30d12h30m. If not set, the Backup objects will be kept forever. If the 'deletionPolicy' is set to 'Delete', then the associated backup data will also be deleted along with the Backup object. Otherwise, only the Backup custom resource will be deleted.", + MarkdownDescription: "Determines the duration for which the Backup custom resources should be retained. The controller will automatically remove all Backup objects that are older than the specified RetentionPeriod. For example, RetentionPeriod of '30d' will keep only the Backup objects of last 30 days. Sample duration format: - years: 2y - months: 6mo - days: 30d - hours: 12h - minutes: 30m You can also combine the above durations. For example: 30d12h30m. If not set, the Backup objects will be kept forever. If the 'deletionPolicy' is set to 'Delete', then the associated backup data will also be deleted along with the Backup object. Otherwise, only the Backup custom resource will be deleted.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "cancel": schema.BoolAttribute{ Description: "Indicates whether the current operation should be canceled and terminated gracefully if it's in the 'Pending', 'Creating', or 'Running' state. This field applies only to 'VerticalScaling' and 'HorizontalScaling' opsRequests. Note: Setting 'cancel' to true is irreversible; further modifications to this field are ineffective.", MarkdownDescription: "Indicates whether the current operation should be canceled and terminated gracefully if it's in the 'Pending', 'Creating', or 'Running' state. This field applies only to 'VerticalScaling' and 'HorizontalScaling' opsRequests. Note: Setting 'cancel' to true is irreversible; further modifications to this field are ineffective.", @@ -728,15 +788,23 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "cluster_ref": schema.StringAttribute{ + "cluster_name": schema.StringAttribute{ Description: "Specifies the name of the Cluster resource that this operation is targeting.", MarkdownDescription: "Specifies the name of the Cluster resource that this operation is targeting.", - Required: true, - Optional: false, + Required: false, + Optional: true, + Computed: false, + }, + + "cluster_ref": schema.StringAttribute{ + Description: "Deprecated: since v0.9, use clusterName instead. Specifies the name of the Cluster resource that this operation is targeting.", + MarkdownDescription: "Deprecated: since v0.9, use clusterName instead. Specifies the name of the Cluster resource that this operation is targeting.", + Required: false, + Optional: true, Computed: false, }, - "custom_spec": schema.SingleNestedAttribute{ + "custom": schema.SingleNestedAttribute{ Description: "Specifies a custom operation defined by OpsDefinition.", MarkdownDescription: "Specifies a custom operation defined by OpsDefinition.", Attributes: map[string]schema.Attribute{ @@ -786,15 +854,7 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "ops_definition_ref": schema.StringAttribute{ - Description: "Specifies the name of the OpsDefinition.", - MarkdownDescription: "Specifies the name of the OpsDefinition.", - Required: true, - Optional: false, - Computed: false, - }, - - "parallelism": schema.StringAttribute{ + "max_concurrent_components": schema.StringAttribute{ Description: "Specifies the maximum number of components to be operated on concurrently to mitigate performance impact on clusters with multiple components. It accepts an absolute number (e.g., 5) or a percentage of components to execute in parallel (e.g., '10%'). Percentages are rounded up to the nearest whole number of components. For example, if '10%' results in less than one, it rounds up to 1. When unspecified, all components are processed simultaneously by default. Note: This feature is not implemented yet.", MarkdownDescription: "Specifies the maximum number of components to be operated on concurrently to mitigate performance impact on clusters with multiple components. It accepts an absolute number (e.g., 5) or a percentage of components to execute in parallel (e.g., '10%'). Percentages are rounded up to the nearest whole number of components. For example, if '10%' results in less than one, it rounds up to 1. When unspecified, all components are processed simultaneously by default. Note: This feature is not implemented yet.", Required: false, @@ -802,6 +862,14 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, + "ops_definition_name": schema.StringAttribute{ + Description: "Specifies the name of the OpsDefinition.", + MarkdownDescription: "Specifies the name of the OpsDefinition.", + Required: true, + Optional: false, + Computed: false, + }, + "service_account_name": schema.StringAttribute{ Description: "Specifies the name of the ServiceAccount to be used for executing the custom operation.", MarkdownDescription: "Specifies the name of the ServiceAccount to be used for executing the custom operation.", @@ -867,6 +935,15 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, + "pod_selector": schema.MapAttribute{ + Description: "Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected.", + MarkdownDescription: "Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "ports": schema.ListNestedAttribute{ Description: "Specifies Port definitions that are to be exposed by a ClusterService. If not specified, the Port definitions from non-NodePort and non-LoadBalancer type ComponentService defined in the ComponentDefinition ('componentDefinition.spec.services') will be used. If no matching ComponentService is found, the expose operation will fail. More info: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports", MarkdownDescription: "Specifies Port definitions that are to be exposed by a ClusterService. If not specified, the Port definitions from non-NodePort and non-LoadBalancer type ComponentService defined in the ComponentDefinition ('componentDefinition.spec.services') will be used. If no matching ComponentService is found, the expose operation will fail. More info: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports", @@ -934,15 +1011,6 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "selector": schema.MapAttribute{ - Description: "Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected.", - MarkdownDescription: "Routes service traffic to pods with matching label keys and values. If specified, the service will only be exposed to pods matching the selector. Note: At least one of 'roleSelector' or 'selector' must be specified. If both are specified, a pod must match both conditions to be selected.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - "service_type": schema.StringAttribute{ Description: "Determines how the Service is exposed. Defaults to 'ClusterIP'. Valid options are 'ClusterIP', 'NodePort', and 'LoadBalancer'. - 'ClusterIP': allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. - 'NodePort': builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - 'LoadBalancer': builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for the expose operation. For more info, see: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types.", MarkdownDescription: "Determines how the Service is exposed. Defaults to 'ClusterIP'. Valid options are 'ClusterIP', 'NodePort', and 'LoadBalancer'. - 'ClusterIP': allocates a cluster-internal IP address for load-balancing to endpoints. Endpoints are determined by the selector or if that is not specified, they are determined by manual construction of an Endpoints object or EndpointSlice objects. - 'NodePort': builds on ClusterIP and allocates a port on every node which routes to the same endpoints as the clusterIP. - 'LoadBalancer': builds on NodePort and creates an external load-balancer (if supported in the current cloud) which routes to the same endpoints as the clusterIP. Note: although K8s Service type allows the 'ExternalName' type, it is not a valid option for the expose operation. For more info, see: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types.", @@ -3490,6 +3558,14 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, + "pre_condition_deadline_seconds": schema.Int64Attribute{ + Description: "Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed.", + MarkdownDescription: "Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed.", + Required: false, + Optional: true, + Computed: false, + }, + "rebuild_from": schema.ListNestedAttribute{ Description: "Specifies the parameters to rebuild some instances. Rebuilding an instance involves restoring its data from a backup or another database replica. The instances being rebuilt usually serve as standby in the cluster. Hence rebuilding instances is often also referred to as 'standby reconstruction'.", MarkdownDescription: "Specifies the parameters to rebuild some instances. Rebuilding an instance involves restoring its data from a backup or another database replica. The instances being rebuilt usually serve as standby in the cluster. Hence rebuilding instances is often also referred to as 'standby reconstruction'.", @@ -3511,15 +3587,6 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "env_for_restore": schema.MapAttribute{ - Description: "Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process.", - MarkdownDescription: "Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - "instances": schema.ListNestedAttribute{ Description: "Specifies the instances (Pods) that need to be rebuilt, typically operating as standbys.", MarkdownDescription: "Specifies the instances (Pods) that need to be rebuilt, typically operating as standbys.", @@ -3546,6 +3613,15 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Optional: false, Computed: false, }, + + "restore_env": schema.MapAttribute{ + Description: "Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process.", + MarkdownDescription: "Defines container environment variables for the restore process. merged with the ones specified in the Backup and ActionSet resources. Merge priority: Restore env > Backup env > ActionSet env. Purpose: Some databases require different configurations when being restored as a standby compared to being restored as a primary. For example, when restoring MySQL as a replica, you need to set 'skip_slave_start='ON'' for 5.7 or 'skip_replica_start='ON'' for 8.0. Allowing environment variables to be passed in makes it more convenient to control these behavioral differences during the restore process.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, }, }, Required: false, @@ -3784,89 +3860,43 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "restore_from": schema.SingleNestedAttribute{ - Description: "Cluster RestoreFrom backup or point in time.", - MarkdownDescription: "Cluster RestoreFrom backup or point in time.", + "restore": schema.SingleNestedAttribute{ + Description: "Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", + MarkdownDescription: "Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", Attributes: map[string]schema.Attribute{ - "backup": schema.ListNestedAttribute{ - Description: "Refers to the backup name and component name used for restoration. Supports recovery of multiple Components.", - MarkdownDescription: "Refers to the backup name and component name used for restoration. Supports recovery of multiple Components.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "ref": schema.SingleNestedAttribute{ - Description: "Refers to a reference backup that needs to be restored.", - MarkdownDescription: "Refers to a reference backup that needs to be restored.", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Refers to the specific name of the resource.", - MarkdownDescription: "Refers to the specific name of the resource.", - Required: false, - Optional: true, - Computed: false, - }, - - "namespace": schema.StringAttribute{ - Description: "Refers to the specific namespace of the resource.", - MarkdownDescription: "Refers to the specific namespace of the resource.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, + "backup_name": schema.StringAttribute{ + Description: "Specifies the name of the Backup custom resource.", + MarkdownDescription: "Specifies the name of the Backup custom resource.", + Required: true, + Optional: false, + Computed: false, }, - "point_in_time": schema.SingleNestedAttribute{ - Description: "Refers to the specific point in time for recovery.", - MarkdownDescription: "Refers to the specific point in time for recovery.", - Attributes: map[string]schema.Attribute{ - "ref": schema.SingleNestedAttribute{ - Description: "Refers to a reference source cluster that needs to be restored.", - MarkdownDescription: "Refers to a reference source cluster that needs to be restored.", - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Refers to the specific name of the resource.", - MarkdownDescription: "Refers to the specific name of the resource.", - Required: false, - Optional: true, - Computed: false, - }, + "defer_post_ready_until_cluster_running": schema.BoolAttribute{ + Description: "Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions.", + MarkdownDescription: "Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions.", + Required: false, + Optional: true, + Computed: false, + }, - "namespace": schema.StringAttribute{ - Description: "Refers to the specific namespace of the resource.", - MarkdownDescription: "Refers to the specific namespace of the resource.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, + "restore_point_in_time": schema.StringAttribute{ + Description: "Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800'", + MarkdownDescription: "Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800'", + Required: false, + Optional: true, + Computed: false, + }, - "time": schema.StringAttribute{ - Description: "Refers to the specific time point for restoration, with UTC as the time zone.", - MarkdownDescription: "Refers to the specific time point for restoration, with UTC as the time zone.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - validators.DateTime64Validator(), - }, - }, + "volume_restore_policy": schema.StringAttribute{ + Description: "Specifies the policy for restoring volume claims of a Component's Pods. It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). Support values: - 'Serial' - 'Parallel'", + MarkdownDescription: "Specifies the policy for restoring volume claims of a Component's Pods. It determines whether the volume claims should be restored sequentially (one by one) or in parallel (all at once). Support values: - 'Serial' - 'Parallel'", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Serial", "Parallel"), }, - Required: false, - Optional: true, - Computed: false, }, }, Required: false, @@ -3875,8 +3905,8 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ }, "restore_spec": schema.SingleNestedAttribute{ - Description: "Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", - MarkdownDescription: "Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", + Description: "Deprecated: since v0.9, use restore instead. Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", + MarkdownDescription: "Deprecated: since v0.9, use restore instead. Specifies the parameters to restore a Cluster. Note that this restore operation will roll back cluster services.", Attributes: map[string]schema.Attribute{ "backup_name": schema.StringAttribute{ Description: "Specifies the name of the Backup custom resource.", @@ -3886,7 +3916,7 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "do_ready_restore_after_cluster_running": schema.BoolAttribute{ + "defer_post_ready_until_cluster_running": schema.BoolAttribute{ Description: "Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions.", MarkdownDescription: "Controls the timing of PostReady actions during the recovery process. If false (default), PostReady actions execute when the Component reaches the 'Running' state. If true, PostReady actions are delayed until the entire Cluster is 'Running,' ensuring the cluster's overall stability before proceeding. This setting is useful for coordinating PostReady operations across the Cluster for optimal cluster conditions.", Required: false, @@ -3894,7 +3924,7 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "restore_time_str": schema.StringAttribute{ + "restore_point_in_time": schema.StringAttribute{ Description: "Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800'", MarkdownDescription: "Specifies the point in time to which the restore should be performed. Supported time formats: - RFC3339 format, e.g. '2023-11-25T18:52:53Z' - A human-readable date-time format, e.g. 'Jul 25,2023 18:52:53 UTC+0800'", Required: false, @@ -4157,14 +4187,6 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ Computed: false, }, - "ttl_seconds_before_abort": schema.Int64Attribute{ - Description: "Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed.", - MarkdownDescription: "Specifies the maximum time in seconds that the OpsRequest will wait for its pre-conditions to be met before it aborts the operation. If set to 0 (default), pre-conditions must be satisfied immediately for the OpsRequest to proceed.", - Required: false, - Optional: true, - Computed: false, - }, - "type": schema.StringAttribute{ Description: "Specifies the type of this operation. Supported types include 'Start', 'Stop', 'Restart', 'Switchover', 'VerticalScaling', 'HorizontalScaling', 'VolumeExpansion', 'Reconfiguring', 'Upgrade', 'Backup', 'Restore', 'Expose', 'DataScript', 'RebuildInstance', 'Custom'. Note: This field is immutable once set.", MarkdownDescription: "Specifies the type of this operation. Supported types include 'Start', 'Stop', 'Restart', 'Switchover', 'VerticalScaling', 'HorizontalScaling', 'VolumeExpansion', 'Reconfiguring', 'Upgrade', 'Backup', 'Restore', 'Expose', 'DataScript', 'RebuildInstance', 'Custom'. Note: This field is immutable once set.", @@ -4216,8 +4238,8 @@ func (r *AppsKubeblocksIoOpsRequestV1Alpha1Manifest) Schema(_ context.Context, _ }, "instances": schema.ListNestedAttribute{ - Description: "Specifies the instance template that need to volume expand.", - MarkdownDescription: "Specifies the instance template that need to volume expand.", + Description: "Specifies the desired storage size of the instance template that need to volume expand.", + MarkdownDescription: "Specifies the desired storage size of the instance template that need to volume expand.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ diff --git a/internal/provider/apps_kubeblocks_io_v1beta1/apps_kubeblocks_io_config_constraint_v1beta1_manifest.go b/internal/provider/apps_kubeblocks_io_v1beta1/apps_kubeblocks_io_config_constraint_v1beta1_manifest.go index dd214e4ab..beb699939 100644 --- a/internal/provider/apps_kubeblocks_io_v1beta1/apps_kubeblocks_io_config_constraint_v1beta1_manifest.go +++ b/internal/provider/apps_kubeblocks_io_v1beta1/apps_kubeblocks_io_config_constraint_v1beta1_manifest.go @@ -46,9 +46,9 @@ type AppsKubeblocksIoConfigConstraintV1Beta1ManifestData struct { ConfigSchema *struct { Cue *string `tfsdk:"cue" json:"cue,omitempty"` SchemaInJSON *map[string]string `tfsdk:"schema_in_json" json:"schemaInJSON,omitempty"` + TopLevelKey *string `tfsdk:"top_level_key" json:"topLevelKey,omitempty"` } `tfsdk:"config_schema" json:"configSchema,omitempty"` - ConfigSchemaTopLevelKey *string `tfsdk:"config_schema_top_level_key" json:"configSchemaTopLevelKey,omitempty"` - DownwardActions *[]struct { + DownwardAPITriggeredActions *[]struct { Command *[]string `tfsdk:"command" json:"command,omitempty"` Items *[]struct { FieldRef *struct { @@ -63,21 +63,44 @@ type AppsKubeblocksIoConfigConstraintV1Beta1ManifestData struct { Resource *string `tfsdk:"resource" json:"resource,omitempty"` } `tfsdk:"resource_field_ref" json:"resourceFieldRef,omitempty"` } `tfsdk:"items" json:"items,omitempty"` - MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"downward_actions" json:"downwardActions,omitempty"` - DynamicActionCanBeMerged *bool `tfsdk:"dynamic_action_can_be_merged" json:"dynamicActionCanBeMerged,omitempty"` - DynamicParameterSelectedPolicy *string `tfsdk:"dynamic_parameter_selected_policy" json:"dynamicParameterSelectedPolicy,omitempty"` - DynamicParameters *[]string `tfsdk:"dynamic_parameters" json:"dynamicParameters,omitempty"` - DynamicReloadAction *struct { + MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ScriptConfig *struct { + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` + } `tfsdk:"script_config" json:"scriptConfig,omitempty"` + } `tfsdk:"downward_api_triggered_actions" json:"downwardAPITriggeredActions,omitempty"` + DynamicParameters *[]string `tfsdk:"dynamic_parameters" json:"dynamicParameters,omitempty"` + FileFormatConfig *struct { + Format *string `tfsdk:"format" json:"format,omitempty"` + IniConfig *struct { + SectionName *string `tfsdk:"section_name" json:"sectionName,omitempty"` + } `tfsdk:"ini_config" json:"iniConfig,omitempty"` + } `tfsdk:"file_format_config" json:"fileFormatConfig,omitempty"` + ImmutableParameters *[]string `tfsdk:"immutable_parameters" json:"immutableParameters,omitempty"` + MergeReloadAndRestart *bool `tfsdk:"merge_reload_and_restart" json:"mergeReloadAndRestart,omitempty"` + ReloadAction *struct { AutoTrigger *struct { ProcessName *string `tfsdk:"process_name" json:"processName,omitempty"` } `tfsdk:"auto_trigger" json:"autoTrigger,omitempty"` ShellTrigger *struct { - BatchParametersTemplate *string `tfsdk:"batch_parameters_template" json:"batchParametersTemplate,omitempty"` - BatchReload *bool `tfsdk:"batch_reload" json:"batchReload,omitempty"` - Command *[]string `tfsdk:"command" json:"command,omitempty"` - Sync *bool `tfsdk:"sync" json:"sync,omitempty"` + BatchParamsFormatterTemplate *string `tfsdk:"batch_params_formatter_template" json:"batchParamsFormatterTemplate,omitempty"` + BatchReload *bool `tfsdk:"batch_reload" json:"batchReload,omitempty"` + Command *[]string `tfsdk:"command" json:"command,omitempty"` + ScriptConfig *struct { + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` + } `tfsdk:"script_config" json:"scriptConfig,omitempty"` + Sync *bool `tfsdk:"sync" json:"sync,omitempty"` + ToolsSetup *struct { + MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` + ToolConfigs *[]struct { + AsContainerImage *bool `tfsdk:"as_container_image" json:"asContainerImage,omitempty"` + Command *[]string `tfsdk:"command" json:"command,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"tool_configs" json:"toolConfigs,omitempty"` + } `tfsdk:"tools_setup" json:"toolsSetup,omitempty"` } `tfsdk:"shell_trigger" json:"shellTrigger,omitempty"` TplScriptTrigger *struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` @@ -88,35 +111,16 @@ type AppsKubeblocksIoConfigConstraintV1Beta1ManifestData struct { ProcessName *string `tfsdk:"process_name" json:"processName,omitempty"` Signal *string `tfsdk:"signal" json:"signal,omitempty"` } `tfsdk:"unix_signal_trigger" json:"unixSignalTrigger,omitempty"` - } `tfsdk:"dynamic_reload_action" json:"dynamicReloadAction,omitempty"` - DynamicReloadSelector *struct { + } `tfsdk:"reload_action" json:"reloadAction,omitempty"` + ReloadStaticParamsBeforeRestart *bool `tfsdk:"reload_static_params_before_restart" json:"reloadStaticParamsBeforeRestart,omitempty"` + ReloadedPodSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` Operator *string `tfsdk:"operator" json:"operator,omitempty"` Values *[]string `tfsdk:"values" json:"values,omitempty"` } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` - } `tfsdk:"dynamic_reload_selector" json:"dynamicReloadSelector,omitempty"` - FormatterConfig *struct { - Format *string `tfsdk:"format" json:"format,omitempty"` - IniConfig *struct { - SectionName *string `tfsdk:"section_name" json:"sectionName,omitempty"` - } `tfsdk:"ini_config" json:"iniConfig,omitempty"` - } `tfsdk:"formatter_config" json:"formatterConfig,omitempty"` - ImmutableParameters *[]string `tfsdk:"immutable_parameters" json:"immutableParameters,omitempty"` - ReloadToolsImage *struct { - MountPoint *string `tfsdk:"mount_point" json:"mountPoint,omitempty"` - ToolConfigs *[]struct { - AsContainerImage *bool `tfsdk:"as_container_image" json:"asContainerImage,omitempty"` - Command *[]string `tfsdk:"command" json:"command,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"tool_configs" json:"toolConfigs,omitempty"` - } `tfsdk:"reload_tools_image" json:"reloadToolsImage,omitempty"` - ScriptConfigs *[]struct { - Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` - ScriptConfigMapRef *string `tfsdk:"script_config_map_ref" json:"scriptConfigMapRef,omitempty"` - } `tfsdk:"script_configs" json:"scriptConfigs,omitempty"` + } `tfsdk:"reloaded_pod_selector" json:"reloadedPodSelector,omitempty"` StaticParameters *[]string `tfsdk:"static_parameters" json:"staticParameters,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } @@ -206,23 +210,23 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Optional: true, Computed: false, }, + + "top_level_key": schema.StringAttribute{ + Description: "Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'.", + MarkdownDescription: "Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'.", + Required: false, + Optional: true, + Computed: false, + }, }, Required: false, Optional: true, Computed: false, }, - "config_schema_top_level_key": schema.StringAttribute{ - Description: "Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'.", - MarkdownDescription: "Specifies the top-level key in the 'configSchema.cue' that organizes the validation rules for parameters. This key must exist within the CUE script defined in 'configSchema.cue'.", - Required: false, - Optional: true, - Computed: false, - }, - - "downward_actions": schema.ListNestedAttribute{ - Description: "Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role.", - MarkdownDescription: "Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role.", + "downward_api_triggered_actions": schema.ListNestedAttribute{ + Description: "TODO: migrate DownwardAPITriggeredActions to ComponentDefinition.spec.lifecycleActions Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role.", + MarkdownDescription: "TODO: migrate DownwardAPITriggeredActions to ComponentDefinition.spec.lifecycleActions Specifies a list of actions to execute specified commands based on Pod labels. It utilizes the K8s Downward API to mount label information as a volume into the pod. The 'config-manager' sidecar container watches for changes in the role label and dynamically invoke registered commands (usually execute some SQL statements) when a change is detected. It is designed for scenarios where: - Replicas with different roles have different configurations, such as Redis primary & secondary replicas. - After a role switch (e.g., from secondary to primary), some changes in configuration are needed to reflect the new role.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "command": schema.ListAttribute{ @@ -341,6 +345,35 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\.\-]*[a-z0-9])?$`), ""), }, }, + + "script_config": schema.SingleNestedAttribute{ + Description: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations.", + MarkdownDescription: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the DownwardAction to perform specific tasks or configurations.", + Attributes: map[string]schema.Attribute{ + "namespace": schema.StringAttribute{ + Description: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + MarkdownDescription: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + + "script_config_map_ref": schema.StringAttribute{ + Description: "Specifies the reference to the ConfigMap containing the scripts.", + MarkdownDescription: "Specifies the reference to the ConfigMap containing the scripts.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, }, }, Required: false, @@ -348,37 +381,72 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, - "dynamic_action_can_be_merged": schema.BoolAttribute{ - Description: "Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step.", - MarkdownDescription: "Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step.", + "dynamic_parameters": schema.ListAttribute{ + Description: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", + MarkdownDescription: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", + ElementType: types.StringType, Required: false, Optional: true, Computed: false, }, - "dynamic_parameter_selected_policy": schema.StringAttribute{ - Description: "Configures whether the dynamic reload specified in 'dynamicReloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", - MarkdownDescription: "Configures whether the dynamic reload specified in 'dynamicReloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - 'dynamic' (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - 'all': Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", + "file_format_config": schema.SingleNestedAttribute{ + Description: "Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' fileFormatConfig: format: ini iniConfig: sectionName: mysqld '''", + MarkdownDescription: "Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' fileFormatConfig: format: ini iniConfig: sectionName: mysqld '''", + Attributes: map[string]schema.Attribute{ + "format": schema.StringAttribute{ + Description: "The config file format. Valid values are 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties' and 'toml'. Each format has its own characteristics and use cases. - ini: is a text-based content with a structure and syntax comprising key–value pairs for properties, reference wiki: https://en.wikipedia.org/wiki/INI_file - xml: refers to wiki: https://en.wikipedia.org/wiki/XML - yaml: supports for complex data types and structures. - json: refers to wiki: https://en.wikipedia.org/wiki/JSON - hcl: The HashiCorp Configuration Language (HCL) is a configuration language authored by HashiCorp, reference url: https://www.linode.com/docs/guides/introduction-to-hcl/ - dotenv: is a plain text file with simple key–value pairs, reference wiki: https://en.wikipedia.org/wiki/Configuration_file#MS-DOS - properties: a file extension mainly used in Java, reference wiki: https://en.wikipedia.org/wiki/.properties - toml: refers to wiki: https://en.wikipedia.org/wiki/TOML - props-plus: a file extension mainly used in Java, supports CamelCase(e.g: brokerMaxConnectionsPerIp)", + MarkdownDescription: "The config file format. Valid values are 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties' and 'toml'. Each format has its own characteristics and use cases. - ini: is a text-based content with a structure and syntax comprising key–value pairs for properties, reference wiki: https://en.wikipedia.org/wiki/INI_file - xml: refers to wiki: https://en.wikipedia.org/wiki/XML - yaml: supports for complex data types and structures. - json: refers to wiki: https://en.wikipedia.org/wiki/JSON - hcl: The HashiCorp Configuration Language (HCL) is a configuration language authored by HashiCorp, reference url: https://www.linode.com/docs/guides/introduction-to-hcl/ - dotenv: is a plain text file with simple key–value pairs, reference wiki: https://en.wikipedia.org/wiki/Configuration_file#MS-DOS - properties: a file extension mainly used in Java, reference wiki: https://en.wikipedia.org/wiki/.properties - toml: refers to wiki: https://en.wikipedia.org/wiki/TOML - props-plus: a file extension mainly used in Java, supports CamelCase(e.g: brokerMaxConnectionsPerIp)", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("xml", "ini", "yaml", "json", "hcl", "dotenv", "toml", "properties", "redis", "props-plus"), + }, + }, + + "ini_config": schema.SingleNestedAttribute{ + Description: "Holds options specific to the 'ini' file format.", + MarkdownDescription: "Holds options specific to the 'ini' file format.", + Attributes: map[string]schema.Attribute{ + "section_name": schema.StringAttribute{ + Description: "A string that describes the name of the ini section.", + MarkdownDescription: "A string that describes the name of the ini section.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: true, + Optional: false, + Computed: false, + }, + + "immutable_parameters": schema.ListAttribute{ + Description: "Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored.", + MarkdownDescription: "Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored.", + ElementType: types.StringType, Required: false, Optional: true, Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("all", "dynamic"), - }, }, - "dynamic_parameters": schema.ListAttribute{ - Description: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", - MarkdownDescription: "List dynamic parameters. Modifications to these parameters trigger a configuration reload without requiring a process restart.", - ElementType: types.StringType, + "merge_reload_and_restart": schema.BoolAttribute{ + Description: "Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step.", + MarkdownDescription: "Indicates whether to consolidate dynamic reload and restart actions into a single restart. - If true, updates requiring both actions will result in only a restart, merging the actions. - If false, updates will trigger both actions executed sequentially: first dynamic reload, then restart. This flag allows for more efficient handling of configuration changes by potentially eliminating an unnecessary reload step.", Required: false, Optional: true, Computed: false, }, - "dynamic_reload_action": schema.SingleNestedAttribute{ - Description: "Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'dynamicReloadAction' is set. If 'dynamicReloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true '''", - MarkdownDescription: "Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'dynamicReloadAction' is set. If 'dynamicReloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true '''", + "reload_action": schema.SingleNestedAttribute{ + Description: "Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'reloadAction' is set. If 'reloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true '''", + MarkdownDescription: "Specifies the dynamic reload (dynamic reconfiguration) actions supported by the engine. When set, the controller executes the scripts defined in these actions to handle dynamic parameter updates. Dynamic reloading is triggered only if both of the following conditions are met: 1. The modified parameters are listed in the 'dynamicParameters' field. If 'dynamicParameterSelectedPolicy' is set to 'all', modifications to 'staticParameters' can also trigger a reload. 2. 'reloadAction' is set. If 'reloadAction' is not set or the modified parameters are not listed in 'dynamicParameters', dynamic reloading will not be triggered. Example: '''yaml dynamicReloadAction: tplScriptTrigger: namespace: kb-system scriptConfigMapRef: mysql-reload-script sync: true '''", Attributes: map[string]schema.Attribute{ "auto_trigger": schema.SingleNestedAttribute{ Description: "Automatically perform the reload when specified conditions are met.", @@ -401,9 +469,9 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Description: "Allows to execute a custom shell script to reload the process.", MarkdownDescription: "Allows to execute a custom shell script to reload the process.", Attributes: map[string]schema.Attribute{ - "batch_parameters_template": schema.StringAttribute{ - Description: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", - MarkdownDescription: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParametersTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", + "batch_params_formatter_template": schema.StringAttribute{ + Description: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", + MarkdownDescription: "Specifies a Go template string for formatting batch input data. It's used when 'batchReload' is 'True' to format data passed into STDIN of the script. The template accesses key-value pairs of updated parameters via the '$' variable. This allows for custom formatting of the input data. Example template: '''yaml batchParamsFormatterTemplate: |- {{- range $pKey, $pValue := $ }} {{ printf '%s:%s' $pKey $pValue }} {{- end }} ''' This example generates batch input data in a key:value format, sorted by keys. ''' key1:value1 key2:value2 key3:value3 ''' If not specified, the default format is key=value, sorted by keys, for each updated parameter. ''' key1=value1 key2=value2 key3=value3 '''", Required: false, Optional: true, Computed: false, @@ -426,6 +494,35 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "script_config": schema.SingleNestedAttribute{ + Description: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload.", + MarkdownDescription: "ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload.", + Attributes: map[string]schema.Attribute{ + "namespace": schema.StringAttribute{ + Description: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + MarkdownDescription: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + + "script_config_map_ref": schema.StringAttribute{ + Description: "Specifies the reference to the ConfigMap containing the scripts.", + MarkdownDescription: "Specifies the reference to the ConfigMap containing the scripts.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "sync": schema.BoolAttribute{ Description: "Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion.", MarkdownDescription: "Determines the synchronization mode of parameter updates with 'config-manager'. - 'True': Executes reload actions synchronously, pausing until completion. - 'False': Executes reload actions asynchronously, without waiting for completion.", @@ -433,6 +530,74 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Optional: true, Computed: false, }, + + "tools_setup": schema.SingleNestedAttribute{ + Description: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", + MarkdownDescription: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", + Attributes: map[string]schema.Attribute{ + "mount_point": schema.StringAttribute{ + Description: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", + MarkdownDescription: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(128), + }, + }, + + "tool_configs": schema.ListNestedAttribute{ + Description: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", + MarkdownDescription: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "as_container_image": schema.BoolAttribute{ + Description: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + MarkdownDescription: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml toolsSetup:: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", + Required: false, + Optional: true, + Computed: false, + }, + + "command": schema.ListAttribute{ + Description: "Specifies the command to be executed by the init container.", + MarkdownDescription: "Specifies the command to be executed by the init container.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "image": schema.StringAttribute{ + Description: "Specifies the tool container image.", + MarkdownDescription: "Specifies the tool container image.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Specifies the name of the init container.", + MarkdownDescription: "Specifies the name of the init container.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(63), + stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z]([a-z0-9\-]*[a-z0-9])?$`), ""), + }, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, }, Required: false, Optional: true, @@ -509,9 +674,17 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, - "dynamic_reload_selector": schema.SingleNestedAttribute{ - Description: "Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'dynamicReloadSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'dynamicReloadSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload.", - MarkdownDescription: "Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'dynamicReloadSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'dynamicReloadSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload.", + "reload_static_params_before_restart": schema.BoolAttribute{ + Description: "Configures whether the dynamic reload specified in 'reloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", + MarkdownDescription: "Configures whether the dynamic reload specified in 'reloadAction' applies only to dynamic parameters or to all parameters (including static parameters). - false (default): Only modifications to the dynamic parameters listed in 'dynamicParameters' will trigger a dynamic reload. - true: Modifications to both dynamic parameters listed in 'dynamicParameters' and static parameters listed in 'staticParameters' will trigger a dynamic reload. The 'all' option is for certain engines that require static parameters to be set via SQL statements before they can take effect on restart.", + Required: false, + Optional: true, + Computed: false, + }, + + "reloaded_pod_selector": schema.SingleNestedAttribute{ + Description: "Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'reloadedPodSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'reloadedPodSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload.", + MarkdownDescription: "Used to match labels on the pod to determine whether a dynamic reload should be performed. In some scenarios, only specific pods (e.g., primary replicas) need to undergo a dynamic reload. The 'reloadedPodSelector' allows you to specify label selectors to target the desired pods for the reload process. If the 'reloadedPodSelector' is not specified or is nil, all pods managed by the workload will be considered for the dynamic reload.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -563,151 +736,6 @@ func (r *AppsKubeblocksIoConfigConstraintV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, - "formatter_config": schema.SingleNestedAttribute{ - Description: "Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' formatterConfig: format: ini iniConfig: sectionName: mysqld '''", - MarkdownDescription: "Specifies the format of the configuration file and any associated parameters that are specific to the chosen format. Supported formats include 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties', and 'toml'. Each format may have its own set of parameters that can be configured. For instance, when using the 'ini' format, you can specify the section name. Example: ''' formatterConfig: format: ini iniConfig: sectionName: mysqld '''", - Attributes: map[string]schema.Attribute{ - "format": schema.StringAttribute{ - Description: "The config file format. Valid values are 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties' and 'toml'. Each format has its own characteristics and use cases. - ini: is a text-based content with a structure and syntax comprising key–value pairs for properties, reference wiki: https://en.wikipedia.org/wiki/INI_file - xml: refers to wiki: https://en.wikipedia.org/wiki/XML - yaml: supports for complex data types and structures. - json: refers to wiki: https://en.wikipedia.org/wiki/JSON - hcl: The HashiCorp Configuration Language (HCL) is a configuration language authored by HashiCorp, reference url: https://www.linode.com/docs/guides/introduction-to-hcl/ - dotenv: is a plain text file with simple key–value pairs, reference wiki: https://en.wikipedia.org/wiki/Configuration_file#MS-DOS - properties: a file extension mainly used in Java, reference wiki: https://en.wikipedia.org/wiki/.properties - toml: refers to wiki: https://en.wikipedia.org/wiki/TOML - props-plus: a file extension mainly used in Java, supports CamelCase(e.g: brokerMaxConnectionsPerIp)", - MarkdownDescription: "The config file format. Valid values are 'ini', 'xml', 'yaml', 'json', 'hcl', 'dotenv', 'properties' and 'toml'. Each format has its own characteristics and use cases. - ini: is a text-based content with a structure and syntax comprising key–value pairs for properties, reference wiki: https://en.wikipedia.org/wiki/INI_file - xml: refers to wiki: https://en.wikipedia.org/wiki/XML - yaml: supports for complex data types and structures. - json: refers to wiki: https://en.wikipedia.org/wiki/JSON - hcl: The HashiCorp Configuration Language (HCL) is a configuration language authored by HashiCorp, reference url: https://www.linode.com/docs/guides/introduction-to-hcl/ - dotenv: is a plain text file with simple key–value pairs, reference wiki: https://en.wikipedia.org/wiki/Configuration_file#MS-DOS - properties: a file extension mainly used in Java, reference wiki: https://en.wikipedia.org/wiki/.properties - toml: refers to wiki: https://en.wikipedia.org/wiki/TOML - props-plus: a file extension mainly used in Java, supports CamelCase(e.g: brokerMaxConnectionsPerIp)", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.OneOf("xml", "ini", "yaml", "json", "hcl", "dotenv", "toml", "properties", "redis", "props-plus"), - }, - }, - - "ini_config": schema.SingleNestedAttribute{ - Description: "Holds options specific to the 'ini' file format.", - MarkdownDescription: "Holds options specific to the 'ini' file format.", - Attributes: map[string]schema.Attribute{ - "section_name": schema.StringAttribute{ - Description: "A string that describes the name of the ini section.", - MarkdownDescription: "A string that describes the name of the ini section.", - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: true, - Optional: false, - Computed: false, - }, - - "immutable_parameters": schema.ListAttribute{ - Description: "Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored.", - MarkdownDescription: "Lists the parameters that cannot be modified once set. Attempting to change any of these parameters will be ignored.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "reload_tools_image": schema.SingleNestedAttribute{ - Description: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", - MarkdownDescription: "Specifies the tools container image used by ShellTrigger for dynamic reload. If the dynamic reload action is triggered by a ShellTrigger, this field is required. This image must contain all necessary tools for executing the ShellTrigger scripts. Usually the specified image is referenced by the init container, which is then responsible for copy the tools from the image to a bin volume. This ensures that the tools are available to the 'config-manager' sidecar.", - Attributes: map[string]schema.Attribute{ - "mount_point": schema.StringAttribute{ - Description: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", - MarkdownDescription: "Specifies the directory path in the container where the tools-related files are to be copied. This field is typically used with an emptyDir volume to ensure a temporary, empty directory is provided at pod creation.", - Required: true, - Optional: false, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(128), - }, - }, - - "tool_configs": schema.ListNestedAttribute{ - Description: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", - MarkdownDescription: "Specifies a list of settings of init containers that prepare tools for dynamic reload.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "as_container_image": schema.BoolAttribute{ - Description: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", - MarkdownDescription: "Indicates whether the tool image should be used as the container image for a sidecar. This is useful for large tool images, such as those for C++ tools, which may depend on numerous libraries (e.g., *.so files). If enabled, the tool image is deployed as a sidecar container image. Examples: '''yaml reloadToolsImage: mountPoint: /kb_tools toolConfigs: - name: kb-tools asContainerImage: true image: apecloud/oceanbase:4.2.0.0-100010032023083021 ''' generated containers: '''yaml initContainers: - name: install-config-manager-tool image: apecloud/kubeblocks-tools:${version} command: - cp - /bin/config_render - /opt/tools volumemounts: - name: kb-tools mountpath: /opt/tools containers: - name: config-manager image: apecloud/oceanbase:4.2.0.0-100010032023083021 imagePullPolicy: IfNotPresent command: - /opt/tools/reloader - --log-level - info - --operator-update-enable - --tcp - '9901' - --config - /opt/config-manager/config-manager.yaml volumemounts: - name: kb-tools mountpath: /opt/tools '''", - Required: false, - Optional: true, - Computed: false, - }, - - "command": schema.ListAttribute{ - Description: "Specifies the command to be executed by the init container.", - MarkdownDescription: "Specifies the command to be executed by the init container.", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "image": schema.StringAttribute{ - Description: "Specifies the tool container image.", - MarkdownDescription: "Specifies the tool container image.", - Required: false, - Optional: true, - Computed: false, - }, - - "name": schema.StringAttribute{ - Description: "Specifies the name of the init container.", - MarkdownDescription: "Specifies the name of the init container.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z]([a-z0-9\-]*[a-z0-9])?$`), ""), - }, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - - "script_configs": schema.ListNestedAttribute{ - Description: "A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations.", - MarkdownDescription: "A list of ScriptConfig Object. Each ScriptConfig object specifies a ConfigMap that contains script files that should be mounted inside the pod. The scripts are mounted as volumes and can be referenced and executed by the dynamic reload and DownwardAction to perform specific tasks or configurations.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "namespace": schema.StringAttribute{ - Description: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", - MarkdownDescription: "Specifies the namespace for the ConfigMap. If not specified, it defaults to the 'default' namespace.", - Required: false, - Optional: true, - Computed: false, - Validators: []validator.String{ - stringvalidator.LengthAtMost(63), - stringvalidator.RegexMatches(regexp.MustCompile(`^[a-z0-9]([a-z0-9\-]*[a-z0-9])?$`), ""), - }, - }, - - "script_config_map_ref": schema.StringAttribute{ - Description: "Specifies the reference to the ConfigMap containing the scripts.", - MarkdownDescription: "Specifies the reference to the ConfigMap containing the scripts.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "static_parameters": schema.ListAttribute{ Description: "List static parameters. Modifications to any of these parameters require a restart of the process to take effect.", MarkdownDescription: "List static parameters. Modifications to any of these parameters require a restart of the process to take effect.", diff --git a/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go b/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go index 82344042c..954563e31 100644 --- a/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go +++ b/internal/provider/asdb_aerospike_com_v1/asdb_aerospike_com_aerospike_cluster_v1_manifest.go @@ -76,6 +76,7 @@ type AsdbAerospikeComAerospikeClusterV1ManifestData struct { TlsAlternateAccess *string `tfsdk:"tls_alternate_access" json:"tlsAlternateAccess,omitempty"` TlsFabric *string `tfsdk:"tls_fabric" json:"tlsFabric,omitempty"` } `tfsdk:"aerospike_network_policy" json:"aerospikeNetworkPolicy,omitempty"` + DisablePDB *bool `tfsdk:"disable_pdb" json:"disablePDB,omitempty"` EnableDynamicConfigUpdate *bool `tfsdk:"enable_dynamic_config_update" json:"enableDynamicConfigUpdate,omitempty"` Image *string `tfsdk:"image" json:"image,omitempty"` K8sNodeBlockList *[]string `tfsdk:"k8s_node_block_list" json:"k8sNodeBlockList,omitempty"` @@ -1800,6 +1801,14 @@ func (r *AsdbAerospikeComAerospikeClusterV1Manifest) Schema(_ context.Context, _ Computed: false, }, + "disable_pdb": schema.BoolAttribute{ + Description: "Disable the PodDisruptionBudget creation for the Aerospike cluster.", + MarkdownDescription: "Disable the PodDisruptionBudget creation for the Aerospike cluster.", + Required: false, + Optional: true, + Computed: false, + }, + "enable_dynamic_config_update": schema.BoolAttribute{ Description: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", MarkdownDescription: "EnableDynamicConfigUpdate enables dynamic config update flow of the operator. If enabled, operator will try to update the Aerospike config dynamically. In case of inconsistent state during dynamic config update, operator falls back to rolling restart.", diff --git a/internal/provider/beat_k8s_elastic_co_v1beta1/beat_k8s_elastic_co_beat_v1beta1_manifest.go b/internal/provider/beat_k8s_elastic_co_v1beta1/beat_k8s_elastic_co_beat_v1beta1_manifest.go index 849a6f53b..88dffd4c7 100644 --- a/internal/provider/beat_k8s_elastic_co_v1beta1/beat_k8s_elastic_co_beat_v1beta1_manifest.go +++ b/internal/provider/beat_k8s_elastic_co_v1beta1/beat_k8s_elastic_co_beat_v1beta1_manifest.go @@ -358,7 +358,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -424,12 +428,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -610,7 +615,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -677,12 +686,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -865,7 +875,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -931,12 +945,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -966,6 +981,10 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1652,7 +1671,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1718,12 +1741,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -1904,7 +1928,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1971,12 +1999,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -2159,7 +2188,11 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -2225,12 +2258,13 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -2260,6 +2294,10 @@ type BeatK8SElasticCoBeatV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -3130,8 +3168,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3139,8 +3177,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3297,8 +3335,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3306,8 +3344,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3464,8 +3502,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3473,8 +3511,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3631,8 +3669,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3640,8 +3678,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4832,6 +4870,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -5293,8 +5356,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -5316,6 +5379,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6511,6 +6582,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6980,8 +7076,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7003,6 +7099,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7040,8 +7144,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -8215,6 +8319,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -8676,8 +8805,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -8699,6 +8828,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -8753,8 +8890,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8890,8 +9027,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8912,6 +9049,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -9101,8 +9263,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -9276,8 +9438,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -9719,8 +9881,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -10065,8 +10227,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -10783,8 +10945,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -11784,8 +11946,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -11793,8 +11955,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -11951,8 +12113,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -11960,8 +12122,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -12118,8 +12280,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -12127,8 +12289,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -12285,8 +12447,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -12294,8 +12456,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -13486,6 +13648,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -13947,8 +14134,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -13970,6 +14157,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -15165,6 +15360,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -15634,8 +15854,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -15657,6 +15877,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -15694,8 +15922,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -16869,6 +17097,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -17330,8 +17583,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -17353,6 +17606,14 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -17407,8 +17668,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -17544,8 +17805,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -17566,6 +17827,31 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -17755,8 +18041,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -17930,8 +18216,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -18373,8 +18659,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -18719,8 +19005,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -19437,8 +19723,8 @@ func (r *BeatK8SElasticCoBeatV1Beta1Manifest) Schema(_ context.Context, _ dataso NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go index 6e491bb09..e7e62aaff 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_platform_v1_manifest.go @@ -182,21 +182,27 @@ type CamelApacheOrgIntegrationPlatformV1ManifestData struct { RuntimeVersion *string `tfsdk:"runtime_version" json:"runtimeVersion,omitempty"` } `tfsdk:"camel" json:"camel,omitempty"` Container *struct { - Auto *bool `tfsdk:"auto" json:"auto,omitempty"` - Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` - Expose *bool `tfsdk:"expose" json:"expose,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` - LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Port *int64 `tfsdk:"port" json:"port,omitempty"` - PortName *string `tfsdk:"port_name" json:"portName,omitempty"` - RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` - RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` - ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` - ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` + AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` + Auto *bool `tfsdk:"auto" json:"auto,omitempty"` + CapabilitiesAdd *[]string `tfsdk:"capabilities_add" json:"capabilitiesAdd,omitempty"` + CapabilitiesDrop *[]string `tfsdk:"capabilities_drop" json:"capabilitiesDrop,omitempty"` + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Expose *bool `tfsdk:"expose" json:"expose,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` + LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` + LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Port *int64 `tfsdk:"port" json:"port,omitempty"` + PortName *string `tfsdk:"port_name" json:"portName,omitempty"` + RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` + RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` + ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` } `tfsdk:"container" json:"container,omitempty"` Cron *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` @@ -438,6 +444,13 @@ type CamelApacheOrgIntegrationPlatformV1ManifestData struct { TlsKeySecret *string `tfsdk:"tls_key_secret" json:"tlsKeySecret,omitempty"` TlsTermination *string `tfsdk:"tls_termination" json:"tlsTermination,omitempty"` } `tfsdk:"route" json:"route,omitempty"` + Security_context *struct { + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + } `tfsdk:"security_context" json:"security-context,omitempty"` Service *struct { Auto *bool `tfsdk:"auto" json:"auto,omitempty"` Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` @@ -1539,6 +1552,14 @@ func (r *CamelApacheOrgIntegrationPlatformV1Manifest) Schema(_ context.Context, Description: "The configuration of Container trait", MarkdownDescription: "The configuration of Container trait", Attributes: map[string]schema.Attribute{ + "allow_privilege_escalation": schema.BoolAttribute{ + Description: "Security Context AllowPrivilegeEscalation configuration (default false).", + MarkdownDescription: "Security Context AllowPrivilegeEscalation configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + "auto": schema.BoolAttribute{ Description: "To automatically enable the trait", MarkdownDescription: "To automatically enable the trait", @@ -1547,6 +1568,24 @@ func (r *CamelApacheOrgIntegrationPlatformV1Manifest) Schema(_ context.Context, Computed: false, }, + "capabilities_add": schema.ListAttribute{ + Description: "Security Context Capabilities Add configuration (default none).", + MarkdownDescription: "Security Context Capabilities Add configuration (default none).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "capabilities_drop": schema.ListAttribute{ + Description: "Security Context Capabilities Drop configuration (default ALL).", + MarkdownDescription: "Security Context Capabilities Drop configuration (default ALL).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "configuration": schema.MapAttribute{ Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", @@ -1647,6 +1686,33 @@ func (r *CamelApacheOrgIntegrationPlatformV1Manifest) Schema(_ context.Context, Computed: false, }, + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + "service_port": schema.Int64Attribute{ Description: "To configure under which service port the container port is to be exposed (default '80').", MarkdownDescription: "To configure under which service port the container port is to be exposed (default '80').", @@ -3466,6 +3532,59 @@ func (r *CamelApacheOrgIntegrationPlatformV1Manifest) Schema(_ context.Context, Computed: false, }, + "security_context": schema.SingleNestedAttribute{ + Description: "The configuration of Security Context trait", + MarkdownDescription: "The configuration of Security Context trait", + Attributes: map[string]schema.Attribute{ + "configuration": schema.MapAttribute{ + Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "enabled": schema.BoolAttribute{ + Description: "Deprecated: no longer in use.", + MarkdownDescription: "Deprecated: no longer in use.", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "service": schema.SingleNestedAttribute{ Description: "The configuration of Service trait", MarkdownDescription: "The configuration of Service trait", diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go index 82c454cb8..990dddc7d 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_profile_v1_manifest.go @@ -159,21 +159,27 @@ type CamelApacheOrgIntegrationProfileV1ManifestData struct { RuntimeVersion *string `tfsdk:"runtime_version" json:"runtimeVersion,omitempty"` } `tfsdk:"camel" json:"camel,omitempty"` Container *struct { - Auto *bool `tfsdk:"auto" json:"auto,omitempty"` - Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` - Expose *bool `tfsdk:"expose" json:"expose,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` - LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Port *int64 `tfsdk:"port" json:"port,omitempty"` - PortName *string `tfsdk:"port_name" json:"portName,omitempty"` - RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` - RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` - ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` - ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` + AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` + Auto *bool `tfsdk:"auto" json:"auto,omitempty"` + CapabilitiesAdd *[]string `tfsdk:"capabilities_add" json:"capabilitiesAdd,omitempty"` + CapabilitiesDrop *[]string `tfsdk:"capabilities_drop" json:"capabilitiesDrop,omitempty"` + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Expose *bool `tfsdk:"expose" json:"expose,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` + LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` + LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Port *int64 `tfsdk:"port" json:"port,omitempty"` + PortName *string `tfsdk:"port_name" json:"portName,omitempty"` + RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` + RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` + ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` } `tfsdk:"container" json:"container,omitempty"` Cron *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` @@ -415,6 +421,13 @@ type CamelApacheOrgIntegrationProfileV1ManifestData struct { TlsKeySecret *string `tfsdk:"tls_key_secret" json:"tlsKeySecret,omitempty"` TlsTermination *string `tfsdk:"tls_termination" json:"tlsTermination,omitempty"` } `tfsdk:"route" json:"route,omitempty"` + Security_context *struct { + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + } `tfsdk:"security_context" json:"security-context,omitempty"` Service *struct { Auto *bool `tfsdk:"auto" json:"auto,omitempty"` Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` @@ -1334,6 +1347,14 @@ func (r *CamelApacheOrgIntegrationProfileV1Manifest) Schema(_ context.Context, _ Description: "The configuration of Container trait", MarkdownDescription: "The configuration of Container trait", Attributes: map[string]schema.Attribute{ + "allow_privilege_escalation": schema.BoolAttribute{ + Description: "Security Context AllowPrivilegeEscalation configuration (default false).", + MarkdownDescription: "Security Context AllowPrivilegeEscalation configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + "auto": schema.BoolAttribute{ Description: "To automatically enable the trait", MarkdownDescription: "To automatically enable the trait", @@ -1342,6 +1363,24 @@ func (r *CamelApacheOrgIntegrationProfileV1Manifest) Schema(_ context.Context, _ Computed: false, }, + "capabilities_add": schema.ListAttribute{ + Description: "Security Context Capabilities Add configuration (default none).", + MarkdownDescription: "Security Context Capabilities Add configuration (default none).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "capabilities_drop": schema.ListAttribute{ + Description: "Security Context Capabilities Drop configuration (default ALL).", + MarkdownDescription: "Security Context Capabilities Drop configuration (default ALL).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "configuration": schema.MapAttribute{ Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", @@ -1442,6 +1481,33 @@ func (r *CamelApacheOrgIntegrationProfileV1Manifest) Schema(_ context.Context, _ Computed: false, }, + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + "service_port": schema.Int64Attribute{ Description: "To configure under which service port the container port is to be exposed (default '80').", MarkdownDescription: "To configure under which service port the container port is to be exposed (default '80').", @@ -3261,6 +3327,59 @@ func (r *CamelApacheOrgIntegrationProfileV1Manifest) Schema(_ context.Context, _ Computed: false, }, + "security_context": schema.SingleNestedAttribute{ + Description: "The configuration of Security Context trait", + MarkdownDescription: "The configuration of Security Context trait", + Attributes: map[string]schema.Attribute{ + "configuration": schema.MapAttribute{ + Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "enabled": schema.BoolAttribute{ + Description: "Deprecated: no longer in use.", + MarkdownDescription: "Deprecated: no longer in use.", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "service": schema.SingleNestedAttribute{ Description: "The configuration of Service trait", MarkdownDescription: "The configuration of Service trait", diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go index ad742a478..a34fda2ee 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_integration_v1_manifest.go @@ -1177,21 +1177,27 @@ type CamelApacheOrgIntegrationV1ManifestData struct { RuntimeVersion *string `tfsdk:"runtime_version" json:"runtimeVersion,omitempty"` } `tfsdk:"camel" json:"camel,omitempty"` Container *struct { - Auto *bool `tfsdk:"auto" json:"auto,omitempty"` - Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` - Expose *bool `tfsdk:"expose" json:"expose,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` - LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Port *int64 `tfsdk:"port" json:"port,omitempty"` - PortName *string `tfsdk:"port_name" json:"portName,omitempty"` - RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` - RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` - ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` - ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` + AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` + Auto *bool `tfsdk:"auto" json:"auto,omitempty"` + CapabilitiesAdd *[]string `tfsdk:"capabilities_add" json:"capabilitiesAdd,omitempty"` + CapabilitiesDrop *[]string `tfsdk:"capabilities_drop" json:"capabilitiesDrop,omitempty"` + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Expose *bool `tfsdk:"expose" json:"expose,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` + LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` + LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Port *int64 `tfsdk:"port" json:"port,omitempty"` + PortName *string `tfsdk:"port_name" json:"portName,omitempty"` + RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` + RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` + ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` } `tfsdk:"container" json:"container,omitempty"` Cron *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` @@ -1433,6 +1439,13 @@ type CamelApacheOrgIntegrationV1ManifestData struct { TlsKeySecret *string `tfsdk:"tls_key_secret" json:"tlsKeySecret,omitempty"` TlsTermination *string `tfsdk:"tls_termination" json:"tlsTermination,omitempty"` } `tfsdk:"route" json:"route,omitempty"` + Security_context *struct { + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + } `tfsdk:"security_context" json:"security-context,omitempty"` Service *struct { Auto *bool `tfsdk:"auto" json:"auto,omitempty"` Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` @@ -9197,6 +9210,14 @@ func (r *CamelApacheOrgIntegrationV1Manifest) Schema(_ context.Context, _ dataso Description: "The configuration of Container trait", MarkdownDescription: "The configuration of Container trait", Attributes: map[string]schema.Attribute{ + "allow_privilege_escalation": schema.BoolAttribute{ + Description: "Security Context AllowPrivilegeEscalation configuration (default false).", + MarkdownDescription: "Security Context AllowPrivilegeEscalation configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + "auto": schema.BoolAttribute{ Description: "To automatically enable the trait", MarkdownDescription: "To automatically enable the trait", @@ -9205,6 +9226,24 @@ func (r *CamelApacheOrgIntegrationV1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "capabilities_add": schema.ListAttribute{ + Description: "Security Context Capabilities Add configuration (default none).", + MarkdownDescription: "Security Context Capabilities Add configuration (default none).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "capabilities_drop": schema.ListAttribute{ + Description: "Security Context Capabilities Drop configuration (default ALL).", + MarkdownDescription: "Security Context Capabilities Drop configuration (default ALL).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "configuration": schema.MapAttribute{ Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", @@ -9305,6 +9344,33 @@ func (r *CamelApacheOrgIntegrationV1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + "service_port": schema.Int64Attribute{ Description: "To configure under which service port the container port is to be exposed (default '80').", MarkdownDescription: "To configure under which service port the container port is to be exposed (default '80').", @@ -11124,6 +11190,59 @@ func (r *CamelApacheOrgIntegrationV1Manifest) Schema(_ context.Context, _ dataso Computed: false, }, + "security_context": schema.SingleNestedAttribute{ + Description: "The configuration of Security Context trait", + MarkdownDescription: "The configuration of Security Context trait", + Attributes: map[string]schema.Attribute{ + "configuration": schema.MapAttribute{ + Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "enabled": schema.BoolAttribute{ + Description: "Deprecated: no longer in use.", + MarkdownDescription: "Deprecated: no longer in use.", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "service": schema.SingleNestedAttribute{ Description: "The configuration of Service trait", MarkdownDescription: "The configuration of Service trait", diff --git a/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go b/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go index 8f11dd358..50e23cf13 100644 --- a/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go +++ b/internal/provider/camel_apache_org_v1/camel_apache_org_pipe_v1_manifest.go @@ -1179,21 +1179,27 @@ type CamelApacheOrgPipeV1ManifestData struct { RuntimeVersion *string `tfsdk:"runtime_version" json:"runtimeVersion,omitempty"` } `tfsdk:"camel" json:"camel,omitempty"` Container *struct { - Auto *bool `tfsdk:"auto" json:"auto,omitempty"` - Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` - Expose *bool `tfsdk:"expose" json:"expose,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` - LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Port *int64 `tfsdk:"port" json:"port,omitempty"` - PortName *string `tfsdk:"port_name" json:"portName,omitempty"` - RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` - RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` - ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` - ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` + AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` + Auto *bool `tfsdk:"auto" json:"auto,omitempty"` + CapabilitiesAdd *[]string `tfsdk:"capabilities_add" json:"capabilitiesAdd,omitempty"` + CapabilitiesDrop *[]string `tfsdk:"capabilities_drop" json:"capabilitiesDrop,omitempty"` + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Expose *bool `tfsdk:"expose" json:"expose,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` + LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` + LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Port *int64 `tfsdk:"port" json:"port,omitempty"` + PortName *string `tfsdk:"port_name" json:"portName,omitempty"` + RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` + RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` + ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` } `tfsdk:"container" json:"container,omitempty"` Cron *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` @@ -1435,6 +1441,13 @@ type CamelApacheOrgPipeV1ManifestData struct { TlsKeySecret *string `tfsdk:"tls_key_secret" json:"tlsKeySecret,omitempty"` TlsTermination *string `tfsdk:"tls_termination" json:"tlsTermination,omitempty"` } `tfsdk:"route" json:"route,omitempty"` + Security_context *struct { + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + } `tfsdk:"security_context" json:"security-context,omitempty"` Service *struct { Auto *bool `tfsdk:"auto" json:"auto,omitempty"` Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` @@ -9266,6 +9279,14 @@ func (r *CamelApacheOrgPipeV1Manifest) Schema(_ context.Context, _ datasource.Sc Description: "The configuration of Container trait", MarkdownDescription: "The configuration of Container trait", Attributes: map[string]schema.Attribute{ + "allow_privilege_escalation": schema.BoolAttribute{ + Description: "Security Context AllowPrivilegeEscalation configuration (default false).", + MarkdownDescription: "Security Context AllowPrivilegeEscalation configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + "auto": schema.BoolAttribute{ Description: "To automatically enable the trait", MarkdownDescription: "To automatically enable the trait", @@ -9274,6 +9295,24 @@ func (r *CamelApacheOrgPipeV1Manifest) Schema(_ context.Context, _ datasource.Sc Computed: false, }, + "capabilities_add": schema.ListAttribute{ + Description: "Security Context Capabilities Add configuration (default none).", + MarkdownDescription: "Security Context Capabilities Add configuration (default none).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "capabilities_drop": schema.ListAttribute{ + Description: "Security Context Capabilities Drop configuration (default ALL).", + MarkdownDescription: "Security Context Capabilities Drop configuration (default ALL).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "configuration": schema.MapAttribute{ Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", @@ -9374,6 +9413,33 @@ func (r *CamelApacheOrgPipeV1Manifest) Schema(_ context.Context, _ datasource.Sc Computed: false, }, + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + "service_port": schema.Int64Attribute{ Description: "To configure under which service port the container port is to be exposed (default '80').", MarkdownDescription: "To configure under which service port the container port is to be exposed (default '80').", @@ -11193,6 +11259,59 @@ func (r *CamelApacheOrgPipeV1Manifest) Schema(_ context.Context, _ datasource.Sc Computed: false, }, + "security_context": schema.SingleNestedAttribute{ + Description: "The configuration of Security Context trait", + MarkdownDescription: "The configuration of Security Context trait", + Attributes: map[string]schema.Attribute{ + "configuration": schema.MapAttribute{ + Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "enabled": schema.BoolAttribute{ + Description: "Deprecated: no longer in use.", + MarkdownDescription: "Deprecated: no longer in use.", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "service": schema.SingleNestedAttribute{ Description: "The configuration of Service trait", MarkdownDescription: "The configuration of Service trait", diff --git a/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go b/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go index 7d70c9002..d7ec443ff 100644 --- a/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go +++ b/internal/provider/camel_apache_org_v1alpha1/camel_apache_org_kamelet_binding_v1alpha1_manifest.go @@ -1179,21 +1179,27 @@ type CamelApacheOrgKameletBindingV1Alpha1ManifestData struct { RuntimeVersion *string `tfsdk:"runtime_version" json:"runtimeVersion,omitempty"` } `tfsdk:"camel" json:"camel,omitempty"` Container *struct { - Auto *bool `tfsdk:"auto" json:"auto,omitempty"` - Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` - Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` - Expose *bool `tfsdk:"expose" json:"expose,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` - LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` - LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - Port *int64 `tfsdk:"port" json:"port,omitempty"` - PortName *string `tfsdk:"port_name" json:"portName,omitempty"` - RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` - RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` - ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` - ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` + AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` + Auto *bool `tfsdk:"auto" json:"auto,omitempty"` + CapabilitiesAdd *[]string `tfsdk:"capabilities_add" json:"capabilitiesAdd,omitempty"` + CapabilitiesDrop *[]string `tfsdk:"capabilities_drop" json:"capabilitiesDrop,omitempty"` + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Expose *bool `tfsdk:"expose" json:"expose,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + ImagePullPolicy *string `tfsdk:"image_pull_policy" json:"imagePullPolicy,omitempty"` + LimitCPU *string `tfsdk:"limit_cpu" json:"limitCPU,omitempty"` + LimitMemory *string `tfsdk:"limit_memory" json:"limitMemory,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Port *int64 `tfsdk:"port" json:"port,omitempty"` + PortName *string `tfsdk:"port_name" json:"portName,omitempty"` + RequestCPU *string `tfsdk:"request_cpu" json:"requestCPU,omitempty"` + RequestMemory *string `tfsdk:"request_memory" json:"requestMemory,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + ServicePort *int64 `tfsdk:"service_port" json:"servicePort,omitempty"` + ServicePortName *string `tfsdk:"service_port_name" json:"servicePortName,omitempty"` } `tfsdk:"container" json:"container,omitempty"` Cron *struct { ActiveDeadlineSeconds *int64 `tfsdk:"active_deadline_seconds" json:"activeDeadlineSeconds,omitempty"` @@ -1435,6 +1441,13 @@ type CamelApacheOrgKameletBindingV1Alpha1ManifestData struct { TlsKeySecret *string `tfsdk:"tls_key_secret" json:"tlsKeySecret,omitempty"` TlsTermination *string `tfsdk:"tls_termination" json:"tlsTermination,omitempty"` } `tfsdk:"route" json:"route,omitempty"` + Security_context *struct { + Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + RunAsNonRoot *bool `tfsdk:"run_as_non_root" json:"runAsNonRoot,omitempty"` + RunAsUser *int64 `tfsdk:"run_as_user" json:"runAsUser,omitempty"` + SeccompProfileType *string `tfsdk:"seccomp_profile_type" json:"seccompProfileType,omitempty"` + } `tfsdk:"security_context" json:"security-context,omitempty"` Service *struct { Auto *bool `tfsdk:"auto" json:"auto,omitempty"` Configuration *map[string]string `tfsdk:"configuration" json:"configuration,omitempty"` @@ -9392,6 +9405,14 @@ func (r *CamelApacheOrgKameletBindingV1Alpha1Manifest) Schema(_ context.Context, Description: "The configuration of Container trait", MarkdownDescription: "The configuration of Container trait", Attributes: map[string]schema.Attribute{ + "allow_privilege_escalation": schema.BoolAttribute{ + Description: "Security Context AllowPrivilegeEscalation configuration (default false).", + MarkdownDescription: "Security Context AllowPrivilegeEscalation configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + "auto": schema.BoolAttribute{ Description: "To automatically enable the trait", MarkdownDescription: "To automatically enable the trait", @@ -9400,6 +9421,24 @@ func (r *CamelApacheOrgKameletBindingV1Alpha1Manifest) Schema(_ context.Context, Computed: false, }, + "capabilities_add": schema.ListAttribute{ + Description: "Security Context Capabilities Add configuration (default none).", + MarkdownDescription: "Security Context Capabilities Add configuration (default none).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "capabilities_drop": schema.ListAttribute{ + Description: "Security Context Capabilities Drop configuration (default ALL).", + MarkdownDescription: "Security Context Capabilities Drop configuration (default ALL).", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "configuration": schema.MapAttribute{ Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", @@ -9500,6 +9539,33 @@ func (r *CamelApacheOrgKameletBindingV1Alpha1Manifest) Schema(_ context.Context, Computed: false, }, + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + "service_port": schema.Int64Attribute{ Description: "To configure under which service port the container port is to be exposed (default '80').", MarkdownDescription: "To configure under which service port the container port is to be exposed (default '80').", @@ -11319,6 +11385,59 @@ func (r *CamelApacheOrgKameletBindingV1Alpha1Manifest) Schema(_ context.Context, Computed: false, }, + "security_context": schema.SingleNestedAttribute{ + Description: "The configuration of Security Context trait", + MarkdownDescription: "The configuration of Security Context trait", + Attributes: map[string]schema.Attribute{ + "configuration": schema.MapAttribute{ + Description: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + MarkdownDescription: "Legacy trait configuration parameters. Deprecated: for backward compatibility.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "enabled": schema.BoolAttribute{ + Description: "Deprecated: no longer in use.", + MarkdownDescription: "Deprecated: no longer in use.", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_non_root": schema.BoolAttribute{ + Description: "Security Context RunAsNonRoot configuration (default false).", + MarkdownDescription: "Security Context RunAsNonRoot configuration (default false).", + Required: false, + Optional: true, + Computed: false, + }, + + "run_as_user": schema.Int64Attribute{ + Description: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + MarkdownDescription: "Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.", + Required: false, + Optional: true, + Computed: false, + }, + + "seccomp_profile_type": schema.StringAttribute{ + Description: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + MarkdownDescription: "Security Context SeccompProfileType configuration (default RuntimeDefault).", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Unconfined", "RuntimeDefault"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "service": schema.SingleNestedAttribute{ Description: "The configuration of Service trait", MarkdownDescription: "The configuration of Service trait", diff --git a/internal/provider/capsule_clastix_io_v1beta1/capsule_clastix_io_tenant_v1beta1_manifest.go b/internal/provider/capsule_clastix_io_v1beta1/capsule_clastix_io_tenant_v1beta1_manifest.go index e0181e2dd..856f3aa6c 100644 --- a/internal/provider/capsule_clastix_io_v1beta1/capsule_clastix_io_tenant_v1beta1_manifest.go +++ b/internal/provider/capsule_clastix_io_v1beta1/capsule_clastix_io_tenant_v1beta1_manifest.go @@ -298,16 +298,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_group": schema.StringAttribute{ - Description: "APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", - MarkdownDescription: "APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", + Description: "APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", + MarkdownDescription: "APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", Required: false, Optional: true, Computed: false, }, "kind": schema.StringAttribute{ - Description: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error.", - MarkdownDescription: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + Description: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + MarkdownDescription: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error.", Required: true, Optional: false, Computed: false, @@ -322,8 +322,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error.", - MarkdownDescription: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error.", + Description: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error.", + MarkdownDescription: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error.", Required: false, Optional: true, Computed: false, @@ -433,8 +433,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "hostname_collision_scope": schema.StringAttribute{ - Description: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional.", - MarkdownDescription: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional.", + Description: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional.", + MarkdownDescription: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional.", Required: false, Optional: true, Computed: false, @@ -589,34 +589,34 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "egress": schema.ListNestedAttribute{ - Description: "egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", - MarkdownDescription: "egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", + Description: "egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8", + MarkdownDescription: "egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ - Description: "ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", - MarkdownDescription: "ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + Description: "ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", + MarkdownDescription: "ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "end_port": schema.Int64Attribute{ - Description: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", - MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", + Description: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", + MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", Required: false, Optional: true, Computed: false, }, "port": schema.StringAttribute{ - Description: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", - MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + Description: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", + MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", - MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", + MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", Required: false, Optional: true, Computed: false, @@ -629,25 +629,25 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "to": schema.ListNestedAttribute{ - Description: "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", - MarkdownDescription: "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", + Description: "to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list.", + MarkdownDescription: "to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ip_block": schema.SingleNestedAttribute{ - Description: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", - MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", + Description: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", + MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ - Description: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", - MarkdownDescription: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", + Description: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", + MarkdownDescription: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", Required: true, Optional: false, Computed: false, }, "except": schema.ListAttribute{ - Description: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", - MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", + Description: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", + MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", ElementType: types.StringType, Required: false, Optional: true, @@ -660,8 +660,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", - MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -677,16 +677,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -700,8 +700,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -714,8 +714,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", - MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", + Description: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", + MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -731,16 +731,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -754,8 +754,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -780,30 +780,30 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "ingress": schema.ListNestedAttribute{ - Description: "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", - MarkdownDescription: "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", + Description: "ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default)", + MarkdownDescription: "ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default)", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from": schema.ListNestedAttribute{ - Description: "from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", - MarkdownDescription: "from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", + Description: "from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list.", + MarkdownDescription: "from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ip_block": schema.SingleNestedAttribute{ - Description: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", - MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", + Description: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", + MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ - Description: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", - MarkdownDescription: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", + Description: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", + MarkdownDescription: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", Required: true, Optional: false, Computed: false, }, "except": schema.ListAttribute{ - Description: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", - MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", + Description: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", + MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", ElementType: types.StringType, Required: false, Optional: true, @@ -816,8 +816,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", - MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -833,16 +833,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -856,8 +856,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -870,8 +870,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", - MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", + Description: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", + MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -887,16 +887,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -910,8 +910,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -930,29 +930,29 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "ports": schema.ListNestedAttribute{ - Description: "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", - MarkdownDescription: "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + Description: "ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", + MarkdownDescription: "ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "end_port": schema.Int64Attribute{ - Description: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", - MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", + Description: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", + MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", Required: false, Optional: true, Computed: false, }, "port": schema.StringAttribute{ - Description: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", - MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + Description: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", + MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", - MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", + MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", Required: false, Optional: true, Computed: false, @@ -971,8 +971,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.", - MarkdownDescription: "podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.", + Description: "podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace.", + MarkdownDescription: "podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -988,16 +988,16 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1011,8 +1011,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1025,8 +1025,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "policy_types": schema.ListAttribute{ - Description: "policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8", - MarkdownDescription: "policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8", + Description: "policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8", + MarkdownDescription: "policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8", ElementType: types.StringType, Required: false, Optional: true, @@ -1150,8 +1150,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hard": schema.MapAttribute{ - Description: "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - MarkdownDescription: "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + Description: "hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + MarkdownDescription: "hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", ElementType: types.StringType, Required: false, Optional: true, @@ -1159,8 +1159,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "scope_selector": schema.SingleNestedAttribute{ - Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - MarkdownDescription: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + MarkdownDescription: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "A list of scope selector requirements by scope of the resources.", @@ -1168,8 +1168,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "operator": schema.StringAttribute{ - Description: "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.", - MarkdownDescription: "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.", + Description: "Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist.", + MarkdownDescription: "Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1184,8 +1184,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1204,8 +1204,8 @@ func (r *CapsuleClastixIoTenantV1Beta1Manifest) Schema(_ context.Context, _ data }, "scopes": schema.ListAttribute{ - Description: "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", - MarkdownDescription: "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", + Description: "A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects.", + MarkdownDescription: "A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_capsule_configuration_v1beta2_manifest.go b/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_capsule_configuration_v1beta2_manifest.go index 984ad30ae..e2b928cfc 100644 --- a/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_capsule_configuration_v1beta2_manifest.go +++ b/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_capsule_configuration_v1beta2_manifest.go @@ -130,24 +130,24 @@ func (r *CapsuleClastixIoCapsuleConfigurationV1Beta2Manifest) Schema(_ context.C MarkdownDescription: "CapsuleConfigurationSpec defines the Capsule configuration.", Attributes: map[string]schema.Attribute{ "enable_tls_reconciler": schema.BoolAttribute{ - Description: "Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhooks when not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.", - MarkdownDescription: "Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhooks when not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.", + Description: "Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhookswhen not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.", + MarkdownDescription: "Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhookswhen not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.", Required: true, Optional: false, Computed: false, }, "force_tenant_prefix": schema.BoolAttribute{ - Description: "Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.", - MarkdownDescription: "Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix, separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.", + Description: "Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix,separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.", + MarkdownDescription: "Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix,separated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.", Required: false, Optional: true, Computed: false, }, "node_metadata": schema.SingleNestedAttribute{ - Description: "Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant. This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes.", - MarkdownDescription: "Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant. This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes.", + Description: "Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant.This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes.", + MarkdownDescription: "Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant.This applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes.", Attributes: map[string]schema.Attribute{ "forbidden_annotations": schema.SingleNestedAttribute{ Description: "Define the annotations that a Tenant Owner cannot set for their nodes.", @@ -207,12 +207,12 @@ func (r *CapsuleClastixIoCapsuleConfigurationV1Beta2Manifest) Schema(_ context.C }, "overrides": schema.SingleNestedAttribute{ - Description: "Allows to set different name rather than the canonical one for the Capsule configuration objects, such as webhook secret or configurations.", - MarkdownDescription: "Allows to set different name rather than the canonical one for the Capsule configuration objects, such as webhook secret or configurations.", + Description: "Allows to set different name rather than the canonical one for the Capsule configuration objects,such as webhook secret or configurations.", + MarkdownDescription: "Allows to set different name rather than the canonical one for the Capsule configuration objects,such as webhook secret or configurations.", Attributes: map[string]schema.Attribute{ "tls_secret_name": schema.StringAttribute{ - Description: "Defines the Secret name used for the webhook server. Must be in the same Namespace where the Capsule Deployment is deployed.", - MarkdownDescription: "Defines the Secret name used for the webhook server. Must be in the same Namespace where the Capsule Deployment is deployed.", + Description: "Defines the Secret name used for the webhook server.Must be in the same Namespace where the Capsule Deployment is deployed.", + MarkdownDescription: "Defines the Secret name used for the webhook server.Must be in the same Namespace where the Capsule Deployment is deployed.", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_tenant_v1beta2_manifest.go b/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_tenant_v1beta2_manifest.go index 9163b4209..ee2f186a5 100644 --- a/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_tenant_v1beta2_manifest.go +++ b/internal/provider/capsule_clastix_io_v1beta2/capsule_clastix_io_tenant_v1beta2_manifest.go @@ -347,16 +347,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "api_group": schema.StringAttribute{ - Description: "APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", - MarkdownDescription: "APIGroup holds the API group of the referenced subject. Defaults to '' for ServiceAccount subjects. Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", + Description: "APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", + MarkdownDescription: "APIGroup holds the API group of the referenced subject.Defaults to '' for ServiceAccount subjects.Defaults to 'rbac.authorization.k8s.io' for User and Group subjects.", Required: false, Optional: true, Computed: false, }, "kind": schema.StringAttribute{ - Description: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error.", - MarkdownDescription: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'. If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + Description: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error.", + MarkdownDescription: "Kind of object being referenced. Values defined by this API group are 'User', 'Group', and 'ServiceAccount'.If the Authorizer does not recognized the kind value, the Authorizer should report an error.", Required: true, Optional: false, Computed: false, @@ -371,8 +371,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "namespace": schema.StringAttribute{ - Description: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error.", - MarkdownDescription: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not empty the Authorizer should report an error.", + Description: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error.", + MarkdownDescription: "Namespace of the referenced object. If the object kind is non-namespace, such as 'User' or 'Group', and this value is not emptythe Authorizer should report an error.", Required: false, Optional: true, Computed: false, @@ -446,8 +446,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "allowed_classes": schema.SingleNestedAttribute{ - Description: "Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. A default value can be specified, and all the Ingress resources created will inherit the declared class. Optional.", - MarkdownDescription: "Specifies the allowed IngressClasses assigned to the Tenant. Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses. A default value can be specified, and all the Ingress resources created will inherit the declared class. Optional.", + Description: "Specifies the allowed IngressClasses assigned to the Tenant.Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses.A default value can be specified, and all the Ingress resources created will inherit the declared class.Optional.", + MarkdownDescription: "Specifies the allowed IngressClasses assigned to the Tenant.Capsule assures that all Ingress resources created in the Tenant can use only one of the allowed IngressClasses.A default value can be specified, and all the Ingress resources created will inherit the declared class.Optional.", Attributes: map[string]schema.Attribute{ "allowed": schema.ListAttribute{ Description: "", @@ -488,16 +488,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -511,8 +511,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -551,8 +551,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "hostname_collision_scope": schema.StringAttribute{ - Description: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional.", - MarkdownDescription: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames. - Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule. - Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant. - Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace. Optional.", + Description: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional.", + MarkdownDescription: "Defines the scope of hostname collision check performed when Tenant Owners create Ingress with allowed hostnames.- Cluster: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces managed by Capsule.- Tenant: disallow the creation of an Ingress if the pair hostname and path is already used across the Namespaces of the Tenant.- Namespace: disallow the creation of an Ingress if the pair hostname and path is already used in the Ingress Namespace.Optional.", Required: false, Optional: true, Computed: false, @@ -759,34 +759,34 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "egress": schema.ListNestedAttribute{ - Description: "egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", - MarkdownDescription: "egress is a list of egress rules to be applied to the selected pods. Outgoing traffic is allowed if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic matches at least one egress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy limits all outgoing traffic (and serves solely to ensure that the pods it selects are isolated by default). This field is beta-level in 1.8", + Description: "egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8", + MarkdownDescription: "egress is a list of egress rules to be applied to the selected pods. Outgoing trafficis allowed if there are no NetworkPolicies selecting the pod (and cluster policyotherwise allows the traffic), OR if the traffic matches at least one egress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy limits all outgoing traffic (and servessolely to ensure that the pods it selects are isolated by default).This field is beta-level in 1.8", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ports": schema.ListNestedAttribute{ - Description: "ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", - MarkdownDescription: "ports is a list of destination ports for outgoing traffic. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + Description: "ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", + MarkdownDescription: "ports is a list of destination ports for outgoing traffic.Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "end_port": schema.Int64Attribute{ - Description: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", - MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", + Description: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", + MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", Required: false, Optional: true, Computed: false, }, "port": schema.StringAttribute{ - Description: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", - MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + Description: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", + MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", - MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", + MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", Required: false, Optional: true, Computed: false, @@ -799,25 +799,25 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "to": schema.ListNestedAttribute{ - Description: "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", - MarkdownDescription: "to is a list of destinations for outgoing traffic of pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all destinations (traffic not restricted by destination). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the to list.", + Description: "to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list.", + MarkdownDescription: "to is a list of destinations for outgoing traffic of pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all destinations (traffic not restricted bydestination). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the to list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ip_block": schema.SingleNestedAttribute{ - Description: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", - MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", + Description: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", + MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ - Description: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", - MarkdownDescription: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", + Description: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", + MarkdownDescription: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", Required: true, Optional: false, Computed: false, }, "except": schema.ListAttribute{ - Description: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", - MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", + Description: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", + MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", ElementType: types.StringType, Required: false, Optional: true, @@ -830,8 +830,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", - MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -847,16 +847,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -870,8 +870,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -884,8 +884,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", - MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", + Description: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", + MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -901,16 +901,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -924,8 +924,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -950,30 +950,30 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "ingress": schema.ListNestedAttribute{ - Description: "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", - MarkdownDescription: "ingress is a list of ingress rules to be applied to the selected pods. Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod (and cluster policy otherwise allows the traffic), OR if the traffic source is the pod's local node, OR if the traffic matches at least one ingress rule across all of the NetworkPolicy objects whose podSelector matches the pod. If this field is empty then this NetworkPolicy does not allow any traffic (and serves solely to ensure that the pods it selects are isolated by default)", + Description: "ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default)", + MarkdownDescription: "ingress is a list of ingress rules to be applied to the selected pods.Traffic is allowed to a pod if there are no NetworkPolicies selecting the pod(and cluster policy otherwise allows the traffic), OR if the traffic source isthe pod's local node, OR if the traffic matches at least one ingress ruleacross all of the NetworkPolicy objects whose podSelector matches the pod. Ifthis field is empty then this NetworkPolicy does not allow any traffic (and servessolely to ensure that the pods it selects are isolated by default)", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from": schema.ListNestedAttribute{ - Description: "from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", - MarkdownDescription: "from is a list of sources which should be able to access the pods selected for this rule. Items in this list are combined using a logical OR operation. If this field is empty or missing, this rule matches all sources (traffic not restricted by source). If this field is present and contains at least one item, this rule allows traffic only if the traffic matches at least one item in the from list.", + Description: "from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list.", + MarkdownDescription: "from is a list of sources which should be able to access the pods selected for this rule.Items in this list are combined using a logical OR operation. If this field isempty or missing, this rule matches all sources (traffic not restricted bysource). If this field is present and contains at least one item, this ruleallows traffic only if the traffic matches at least one item in the from list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "ip_block": schema.SingleNestedAttribute{ - Description: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", - MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set then neither of the other fields can be.", + Description: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", + MarkdownDescription: "ipBlock defines policy on a particular IPBlock. If this field is set thenneither of the other fields can be.", Attributes: map[string]schema.Attribute{ "cidr": schema.StringAttribute{ - Description: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", - MarkdownDescription: "cidr is a string representing the IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64'", + Description: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", + MarkdownDescription: "cidr is a string representing the IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'", Required: true, Optional: false, Computed: false, }, "except": schema.ListAttribute{ - Description: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", - MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlock Valid examples are '192.168.1.0/24' or '2001:db8::/64' Except values will be rejected if they are outside the cidr range", + Description: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", + MarkdownDescription: "except is a slice of CIDRs that should not be included within an IPBlockValid examples are '192.168.1.0/24' or '2001:db8::/64'Except values will be rejected if they are outside the cidr range", ElementType: types.StringType, Required: false, Optional: true, @@ -986,8 +986,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "namespace_selector": schema.SingleNestedAttribute{ - Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", - MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field follows standard label selector semantics; if present but empty, it selects all namespaces. If podSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the namespaces selected by namespaceSelector. Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + Description: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", + MarkdownDescription: "namespaceSelector selects namespaces using cluster-scoped labels. This field followsstandard label selector semantics; if present but empty, it selects all namespaces.If podSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the namespaces selected by namespaceSelector.Otherwise it selects all pods in the namespaces selected by namespaceSelector.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -1003,16 +1003,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1026,8 +1026,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1040,8 +1040,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", - MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard label selector semantics; if present but empty, it selects all pods. If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selects the pods matching podSelector in the Namespaces selected by NamespaceSelector. Otherwise it selects the pods matching podSelector in the policy's own namespace.", + Description: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", + MarkdownDescription: "podSelector is a label selector which selects pods. This field follows standard labelselector semantics; if present but empty, it selects all pods.If namespaceSelector is also set, then the NetworkPolicyPeer as a whole selectsthe pods matching podSelector in the Namespaces selected by NamespaceSelector.Otherwise it selects the pods matching podSelector in the policy's own namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -1057,16 +1057,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1080,8 +1080,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1100,29 +1100,29 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "ports": schema.ListNestedAttribute{ - Description: "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", - MarkdownDescription: "ports is a list of ports which should be made accessible on the pods selected for this rule. Each item in this list is combined using a logical OR. If this field is empty or missing, this rule matches all ports (traffic not restricted by port). If this field is present and contains at least one item, then this rule allows traffic only if the traffic matches at least one port in the list.", + Description: "ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", + MarkdownDescription: "ports is a list of ports which should be made accessible on the pods selected forthis rule. Each item in this list is combined using a logical OR. If this field isempty or missing, this rule matches all ports (traffic not restricted by port).If this field is present and contains at least one item, then this rule allowstraffic only if the traffic matches at least one port in the list.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "end_port": schema.Int64Attribute{ - Description: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", - MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive, should be allowed by the policy. This field cannot be defined if the port field is not defined or if the port field is defined as a named (string) port. The endPort must be equal or greater than port.", + Description: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", + MarkdownDescription: "endPort indicates that the range of ports from port to endPort if set, inclusive,should be allowed by the policy. This field cannot be defined if the port fieldis not defined or if the port field is defined as a named (string) port.The endPort must be equal or greater than port.", Required: false, Optional: true, Computed: false, }, "port": schema.StringAttribute{ - Description: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", - MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or named port on a pod. If this field is not provided, this matches all port names and numbers. If present, only traffic on the specified protocol AND port will be matched.", + Description: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", + MarkdownDescription: "port represents the port on the given protocol. This can either be a numerical or namedport on a pod. If this field is not provided, this matches all port names andnumbers.If present, only traffic on the specified protocol AND port will be matched.", Required: false, Optional: true, Computed: false, }, "protocol": schema.StringAttribute{ - Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", - MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this field defaults to TCP.", + Description: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", + MarkdownDescription: "protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.If not specified, this field defaults to TCP.", Required: false, Optional: true, Computed: false, @@ -1141,8 +1141,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "pod_selector": schema.SingleNestedAttribute{ - Description: "podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.", - MarkdownDescription: "podSelector selects the pods to which this NetworkPolicy object applies. The array of ingress rules is applied to any pods selected by this field. Multiple network policies can select the same set of pods. In this case, the ingress rules for each are combined additively. This field is NOT optional and follows standard label selector semantics. An empty podSelector matches all pods in this namespace.", + Description: "podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace.", + MarkdownDescription: "podSelector selects the pods to which this NetworkPolicy object applies.The array of ingress rules is applied to any pods selected by this field.Multiple network policies can select the same set of pods. In this case,the ingress rules for each are combined additively.This field is NOT optional and follows standard label selector semantics.An empty podSelector matches all pods in this namespace.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -1158,16 +1158,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1181,8 +1181,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1195,8 +1195,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "policy_types": schema.ListAttribute{ - Description: "policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8", - MarkdownDescription: "policyTypes is a list of rule types that the NetworkPolicy relates to. Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress']. If this field is not specified, it will default based on the existence of ingress or egress rules; policies that contain an egress section are assumed to affect egress, and all policies (whether or not they contain an ingress section) are assumed to affect ingress. If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ]. Likewise, if you want to write a policy that specifies that no egress is allowed, you must specify a policyTypes value that include 'Egress' (since such a policy would not include an egress section and would otherwise default to just [ 'Ingress' ]). This field is beta-level in 1.8", + Description: "policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8", + MarkdownDescription: "policyTypes is a list of rule types that the NetworkPolicy relates to.Valid options are ['Ingress'], ['Egress'], or ['Ingress', 'Egress'].If this field is not specified, it will default based on the existence of ingress or egress rules;policies that contain an egress section are assumed to affect egress, and all policies(whether or not they contain an ingress section) are assumed to affect ingress.If you want to write an egress-only policy, you must explicitly specify policyTypes [ 'Egress' ].Likewise, if you want to write a policy that specifies that no egress is allowed,you must specify a policyTypes value that include 'Egress' (since such a policy would not includean egress section and would otherwise default to just [ 'Ingress' ]).This field is beta-level in 1.8", ElementType: types.StringType, Required: false, Optional: true, @@ -1330,16 +1330,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "prevent_deletion": schema.BoolAttribute{ - Description: "Prevent accidental deletion of the Tenant. When enabled, the deletion request will be declined.", - MarkdownDescription: "Prevent accidental deletion of the Tenant. When enabled, the deletion request will be declined.", + Description: "Prevent accidental deletion of the Tenant.When enabled, the deletion request will be declined.", + MarkdownDescription: "Prevent accidental deletion of the Tenant.When enabled, the deletion request will be declined.", Required: false, Optional: true, Computed: false, }, "priority_classes": schema.SingleNestedAttribute{ - Description: "Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. A default value can be specified, and all the Pod resources created will inherit the declared class. Optional.", - MarkdownDescription: "Specifies the allowed priorityClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses. A default value can be specified, and all the Pod resources created will inherit the declared class. Optional.", + Description: "Specifies the allowed priorityClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses.A default value can be specified, and all the Pod resources created will inherit the declared class.Optional.", + MarkdownDescription: "Specifies the allowed priorityClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed PriorityClasses.A default value can be specified, and all the Pod resources created will inherit the declared class.Optional.", Attributes: map[string]schema.Attribute{ "allowed": schema.ListAttribute{ Description: "", @@ -1380,16 +1380,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1403,8 +1403,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1426,8 +1426,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hard": schema.MapAttribute{ - Description: "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", - MarkdownDescription: "hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + Description: "hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", + MarkdownDescription: "hard is the set of desired hard limits for each named resource.More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/", ElementType: types.StringType, Required: false, Optional: true, @@ -1435,8 +1435,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "scope_selector": schema.SingleNestedAttribute{ - Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", - MarkdownDescription: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + Description: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", + MarkdownDescription: "scopeSelector is also a collection of filters like scopes that must match each object tracked by a quotabut expressed using ScopeSelectorOperator in combination with possible values.For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "A list of scope selector requirements by scope of the resources.", @@ -1444,8 +1444,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "operator": schema.StringAttribute{ - Description: "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.", - MarkdownDescription: "Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.", + Description: "Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist.", + MarkdownDescription: "Represents a scope's relationship to a set of values.Valid operators are In, NotIn, Exists, DoesNotExist.", Required: true, Optional: false, Computed: false, @@ -1460,8 +1460,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "values": schema.ListAttribute{ - Description: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch.", + MarkdownDescription: "An array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty.This array is replaced during a strategic merge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1480,8 +1480,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "scopes": schema.ListAttribute{ - Description: "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", - MarkdownDescription: "A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.", + Description: "A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects.", + MarkdownDescription: "A collection of filters that must match each object tracked by a quota.If not specified, the quota matches all objects.", ElementType: types.StringType, Required: false, Optional: true, @@ -1511,8 +1511,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "runtime_classes": schema.SingleNestedAttribute{ - Description: "Specifies the allowed RuntimeClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses. Optional.", - MarkdownDescription: "Specifies the allowed RuntimeClasses assigned to the Tenant. Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses. Optional.", + Description: "Specifies the allowed RuntimeClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses.Optional.", + MarkdownDescription: "Specifies the allowed RuntimeClasses assigned to the Tenant.Capsule assures that all Pods resources created in the Tenant can use only one of the allowed RuntimeClasses.Optional.", Attributes: map[string]schema.Attribute{ "allowed": schema.ListAttribute{ Description: "", @@ -1545,16 +1545,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1568,8 +1568,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, @@ -1721,8 +1721,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "storage_classes": schema.SingleNestedAttribute{ - Description: "Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class. Optional.", - MarkdownDescription: "Specifies the allowed StorageClasses assigned to the Tenant. Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses. A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class. Optional.", + Description: "Specifies the allowed StorageClasses assigned to the Tenant.Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses.A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class.Optional.", + MarkdownDescription: "Specifies the allowed StorageClasses assigned to the Tenant.Capsule assures that all PersistentVolumeClaim resources created in the Tenant can use only one of the allowed StorageClasses.A default value can be specified, and all the PersistentVolumeClaim resources created will inherit the declared class.Optional.", Attributes: map[string]schema.Attribute{ "allowed": schema.ListAttribute{ Description: "", @@ -1763,16 +1763,16 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "operator": schema.StringAttribute{ - Description: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", - MarkdownDescription: "operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.", + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", Required: true, Optional: false, Computed: false, }, "values": schema.ListAttribute{ - Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", - MarkdownDescription: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", ElementType: types.StringType, Required: false, Optional: true, @@ -1786,8 +1786,8 @@ func (r *CapsuleClastixIoTenantV1Beta2Manifest) Schema(_ context.Context, _ data }, "match_labels": schema.MapAttribute{ - Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", - MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is 'key', the operator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_cluster_v1_manifest.go b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_cluster_v1_manifest.go index 0a2da223c..5cef1c74e 100644 --- a/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_cluster_v1_manifest.go +++ b/internal/provider/ceph_rook_io_v1/ceph_rook_io_ceph_cluster_v1_manifest.go @@ -3741,6 +3741,9 @@ func (r *CephRookIoCephClusterV1Manifest) Schema(_ context.Context, _ datasource Required: true, Optional: false, Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(40), + }, }, "placement": schema.SingleNestedAttribute{ diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.go index d41c1bdd9..a53556166 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest.go @@ -131,12 +131,12 @@ func (r *ElasticacheServicesK8SAwsCacheParameterGroupV1Alpha1Manifest) Schema(_ }, "spec": schema.SingleNestedAttribute{ - Description: "CacheParameterGroupSpec defines the desired state of CacheParameterGroup. Represents the output of a CreateCacheParameterGroup operation.", - MarkdownDescription: "CacheParameterGroupSpec defines the desired state of CacheParameterGroup. Represents the output of a CreateCacheParameterGroup operation.", + Description: "CacheParameterGroupSpec defines the desired state of CacheParameterGroup.Represents the output of a CreateCacheParameterGroup operation.", + MarkdownDescription: "CacheParameterGroupSpec defines the desired state of CacheParameterGroup.Represents the output of a CreateCacheParameterGroup operation.", Attributes: map[string]schema.Attribute{ "cache_parameter_group_family": schema.StringAttribute{ - Description: "The name of the cache parameter group family that the cache parameter group can be used with. Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x", - MarkdownDescription: "The name of the cache parameter group family that the cache parameter group can be used with. Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 | redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x", + Description: "The name of the cache parameter group family that the cache parameter groupcan be used with.Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 |redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x", + MarkdownDescription: "The name of the cache parameter group family that the cache parameter groupcan be used with.Valid values are: memcached1.4 | memcached1.5 | memcached1.6 | redis2.6 |redis2.8 | redis3.2 | redis4.0 | redis5.0 | redis6.x", Required: true, Optional: false, Computed: false, @@ -159,8 +159,8 @@ func (r *ElasticacheServicesK8SAwsCacheParameterGroupV1Alpha1Manifest) Schema(_ }, "parameter_name_values": schema.ListNestedAttribute{ - Description: "An array of parameter names and values for the parameter update. You must supply at least one parameter name and value; subsequent arguments are optional. A maximum of 20 parameters may be modified per request.", - MarkdownDescription: "An array of parameter names and values for the parameter update. You must supply at least one parameter name and value; subsequent arguments are optional. A maximum of 20 parameters may be modified per request.", + Description: "An array of parameter names and values for the parameter update. You mustsupply at least one parameter name and value; subsequent arguments are optional.A maximum of 20 parameters may be modified per request.", + MarkdownDescription: "An array of parameter names and values for the parameter update. You mustsupply at least one parameter name and value; subsequent arguments are optional.A maximum of 20 parameters may be modified per request.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "parameter_name": schema.StringAttribute{ @@ -186,8 +186,8 @@ func (r *ElasticacheServicesK8SAwsCacheParameterGroupV1Alpha1Manifest) Schema(_ }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", - MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + Description: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", + MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.go index 91a57f82e..4cf5c7d0c 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest.go @@ -132,8 +132,8 @@ func (r *ElasticacheServicesK8SAwsCacheSubnetGroupV1Alpha1Manifest) Schema(_ con }, "spec": schema.SingleNestedAttribute{ - Description: "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup. Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup", - MarkdownDescription: "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup. Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup", + Description: "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup.Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup", + MarkdownDescription: "CacheSubnetGroupSpec defines the desired state of CacheSubnetGroup.Represents the output of one of the following operations: * CreateCacheSubnetGroup * ModifyCacheSubnetGroup", Attributes: map[string]schema.Attribute{ "cache_subnet_group_description": schema.StringAttribute{ Description: "A description for the cache subnet group.", @@ -144,8 +144,8 @@ func (r *ElasticacheServicesK8SAwsCacheSubnetGroupV1Alpha1Manifest) Schema(_ con }, "cache_subnet_group_name": schema.StringAttribute{ - Description: "A name for the cache subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 alphanumeric characters or hyphens. Example: mysubnetgroup", - MarkdownDescription: "A name for the cache subnet group. This value is stored as a lowercase string. Constraints: Must contain no more than 255 alphanumeric characters or hyphens. Example: mysubnetgroup", + Description: "A name for the cache subnet group. This value is stored as a lowercase string.Constraints: Must contain no more than 255 alphanumeric characters or hyphens.Example: mysubnetgroup", + MarkdownDescription: "A name for the cache subnet group. This value is stored as a lowercase string.Constraints: Must contain no more than 255 alphanumeric characters or hyphens.Example: mysubnetgroup", Required: true, Optional: false, Computed: false, @@ -166,8 +166,8 @@ func (r *ElasticacheServicesK8SAwsCacheSubnetGroupV1Alpha1Manifest) Schema(_ con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from": schema.SingleNestedAttribute{ - Description: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", - MarkdownDescription: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", + Description: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", + MarkdownDescription: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "", @@ -189,8 +189,8 @@ func (r *ElasticacheServicesK8SAwsCacheSubnetGroupV1Alpha1Manifest) Schema(_ con }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", - MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + Description: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", + MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.go index ceca84ffd..d06573780 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_replication_group_v1alpha1_manifest.go @@ -194,20 +194,20 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "spec": schema.SingleNestedAttribute{ - Description: "ReplicationGroupSpec defines the desired state of ReplicationGroup. Contains all of the attributes of a specific Redis replication group.", - MarkdownDescription: "ReplicationGroupSpec defines the desired state of ReplicationGroup. Contains all of the attributes of a specific Redis replication group.", + Description: "ReplicationGroupSpec defines the desired state of ReplicationGroup.Contains all of the attributes of a specific Redis replication group.", + MarkdownDescription: "ReplicationGroupSpec defines the desired state of ReplicationGroup.Contains all of the attributes of a specific Redis replication group.", Attributes: map[string]schema.Attribute{ "at_rest_encryption_enabled": schema.BoolAttribute{ - Description: "A flag that enables encryption at rest when set to true. You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false", - MarkdownDescription: "A flag that enables encryption at rest when set to true. You cannot modify the value of AtRestEncryptionEnabled after the replication group is created. To enable encryption at rest on a replication group you must set AtRestEncryptionEnabled to true when you create the replication group. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false", + Description: "A flag that enables encryption at rest when set to true.You cannot modify the value of AtRestEncryptionEnabled after the replicationgroup is created. To enable encryption at rest on a replication group youmust set AtRestEncryptionEnabled to true when you create the replicationgroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: false", + MarkdownDescription: "A flag that enables encryption at rest when set to true.You cannot modify the value of AtRestEncryptionEnabled after the replicationgroup is created. To enable encryption at rest on a replication group youmust set AtRestEncryptionEnabled to true when you create the replicationgroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: false", Required: false, Optional: true, Computed: false, }, "auth_token": schema.SingleNestedAttribute{ - Description: "Reserved parameter. The password used to access a password protected server. AuthToken can be specified only on replication groups where TransitEncryptionEnabled is true. For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup. Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token. For more information, see AUTH password (http://redis.io/commands/AUTH) at http://redis.io/commands/AUTH.", - MarkdownDescription: "Reserved parameter. The password used to access a password protected server. AuthToken can be specified only on replication groups where TransitEncryptionEnabled is true. For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup. Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token. For more information, see AUTH password (http://redis.io/commands/AUTH) at http://redis.io/commands/AUTH.", + Description: "Reserved parameter. The password used to access a password protected server.AuthToken can be specified only on replication groups where TransitEncryptionEnabledis true.For HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup.Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token.For more information, see AUTH password (http://redis.io/commands/AUTH) athttp://redis.io/commands/AUTH.", + MarkdownDescription: "Reserved parameter. The password used to access a password protected server.AuthToken can be specified only on replication groups where TransitEncryptionEnabledis true.For HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup.Password constraints: * Must be only printable ASCII characters. * Must be at least 16 characters and no more than 128 characters in length. * The only permitted printable special characters are !, &, #, $, ^, <, >, and -. Other printable special characters cannot be used in the AUTH token.For more information, see AUTH password (http://redis.io/commands/AUTH) athttp://redis.io/commands/AUTH.", Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ Description: "Key is the key within the secret", @@ -239,36 +239,36 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "automatic_failover_enabled": schema.BoolAttribute{ - Description: "Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled) replication groups. Default: false", - MarkdownDescription: "Specifies whether a read-only replica is automatically promoted to read/write primary if the existing primary fails. AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled) replication groups. Default: false", + Description: "Specifies whether a read-only replica is automatically promoted to read/writeprimary if the existing primary fails.AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled)replication groups.Default: false", + MarkdownDescription: "Specifies whether a read-only replica is automatically promoted to read/writeprimary if the existing primary fails.AutomaticFailoverEnabled must be enabled for Redis (cluster mode enabled)replication groups.Default: false", Required: false, Optional: true, Computed: false, }, "cache_node_type": schema.StringAttribute{ - Description: "The compute and memory capacity of the nodes in the node group (shard). The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlarge Additional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later.", - MarkdownDescription: "The compute and memory capacity of the nodes in the node group (shard). The following node types are supported by ElastiCache. Generally speaking, the current generation types provide more memory and computational power at lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlarge Additional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later.", + Description: "The compute and memory capacity of the nodes in the node group (shard).The following node types are supported by ElastiCache. Generally speaking,the current generation types provide more memory and computational powerat lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlargeAdditional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later.", + MarkdownDescription: "The compute and memory capacity of the nodes in the node group (shard).The following node types are supported by ElastiCache. Generally speaking,the current generation types provide more memory and computational powerat lower cost when compared to their equivalent previous generation counterparts. * General purpose: Current generation: M6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward): cache.m6g.large, cache.m6g.xlarge, cache.m6g.2xlarge, cache.m6g.4xlarge, cache.m6g.8xlarge, cache.m6g.12xlarge, cache.m6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) M5 node types: cache.m5.large, cache.m5.xlarge, cache.m5.2xlarge, cache.m5.4xlarge, cache.m5.12xlarge, cache.m5.24xlarge M4 node types: cache.m4.large, cache.m4.xlarge, cache.m4.2xlarge, cache.m4.4xlarge, cache.m4.10xlarge T4g node types (available only for Redis engine version 5.0.6 onward and Memcached engine version 1.5.16 onward): cache.t4g.micro, cache.t4g.small, cache.t4g.medium T3 node types: cache.t3.micro, cache.t3.small, cache.t3.medium T2 node types: cache.t2.micro, cache.t2.small, cache.t2.medium Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) T1 node types: cache.t1.micro M1 node types: cache.m1.small, cache.m1.medium, cache.m1.large, cache.m1.xlarge M3 node types: cache.m3.medium, cache.m3.large, cache.m3.xlarge, cache.m3.2xlarge * Compute optimized: Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) C1 node types: cache.c1.xlarge * Memory optimized with data tiering: Current generation: R6gd node types (available only for Redis engine version 6.2 onward). cache.r6gd.xlarge, cache.r6gd.2xlarge, cache.r6gd.4xlarge, cache.r6gd.8xlarge, cache.r6gd.12xlarge, cache.r6gd.16xlarge * Memory optimized: Current generation: R6g node types (available only for Redis engine version 5.0.6 onward and for Memcached engine version 1.5.16 onward). cache.r6g.large, cache.r6g.xlarge, cache.r6g.2xlarge, cache.r6g.4xlarge, cache.r6g.8xlarge, cache.r6g.12xlarge, cache.r6g.16xlarge For region availability, see Supported Node Types (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html#CacheNodes.SupportedTypesByRegion) R5 node types: cache.r5.large, cache.r5.xlarge, cache.r5.2xlarge, cache.r5.4xlarge, cache.r5.12xlarge, cache.r5.24xlarge R4 node types: cache.r4.large, cache.r4.xlarge, cache.r4.2xlarge, cache.r4.4xlarge, cache.r4.8xlarge, cache.r4.16xlarge Previous generation: (not recommended. Existing clusters are still supported but creation of new clusters is not supported for these types.) M2 node types: cache.m2.xlarge, cache.m2.2xlarge, cache.m2.4xlarge R3 node types: cache.r3.large, cache.r3.xlarge, cache.r3.2xlarge, cache.r3.4xlarge, cache.r3.8xlargeAdditional node type info * All current generation instance types are created in Amazon VPC by default. * Redis append-only files (AOF) are not supported for T1 or T2 instances. * Redis Multi-AZ with automatic failover is not supported on T1 instances. * Redis configuration variables appendonly and appendfsync are not supported on Redis version 2.8.22 and later.", Required: false, Optional: true, Computed: false, }, "cache_parameter_group_name": schema.StringAttribute{ - Description: "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. If you are running Redis version 3.2.4 or later, only one node group (shard), and want to use a default parameter group, we recommend that you specify the parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on.", - MarkdownDescription: "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. If you are running Redis version 3.2.4 or later, only one node group (shard), and want to use a default parameter group, we recommend that you specify the parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on.", + Description: "The name of the parameter group to associate with this replication group.If this argument is omitted, the default cache parameter group for the specifiedengine is used.If you are running Redis version 3.2.4 or later, only one node group (shard),and want to use a default parameter group, we recommend that you specifythe parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on.", + MarkdownDescription: "The name of the parameter group to associate with this replication group.If this argument is omitted, the default cache parameter group for the specifiedengine is used.If you are running Redis version 3.2.4 or later, only one node group (shard),and want to use a default parameter group, we recommend that you specifythe parameter group by name. * To create a Redis (cluster mode disabled) replication group, use CacheParameterGroupName=default.redis3.2. * To create a Redis (cluster mode enabled) replication group, use CacheParameterGroupName=default.redis3.2.cluster.on.", Required: false, Optional: true, Computed: false, }, "cache_parameter_group_ref": schema.SingleNestedAttribute{ - Description: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api", - MarkdownDescription: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api", + Description: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api", + MarkdownDescription: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api", Attributes: map[string]schema.Attribute{ "from": schema.SingleNestedAttribute{ - Description: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", - MarkdownDescription: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", + Description: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", + MarkdownDescription: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "", @@ -298,20 +298,20 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "cache_subnet_group_name": schema.StringAttribute{ - Description: "The name of the cache subnet group to be used for the replication group. If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html).", - MarkdownDescription: "The name of the cache subnet group to be used for the replication group. If you're going to launch your cluster in an Amazon VPC, you need to create a subnet group before you start creating a cluster. For more information, see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html).", + Description: "The name of the cache subnet group to be used for the replication group.If you're going to launch your cluster in an Amazon VPC, you need to createa subnet group before you start creating a cluster. For more information,see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html).", + MarkdownDescription: "The name of the cache subnet group to be used for the replication group.If you're going to launch your cluster in an Amazon VPC, you need to createa subnet group before you start creating a cluster. For more information,see Subnets and Subnet Groups (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SubnetGroups.html).", Required: false, Optional: true, Computed: false, }, "cache_subnet_group_ref": schema.SingleNestedAttribute{ - Description: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api", - MarkdownDescription: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReference type to provide more user friendly syntax for references using 'from' field Ex: APIIDRef: from: name: my-api", + Description: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api", + MarkdownDescription: "AWSResourceReferenceWrapper provides a wrapper around *AWSResourceReferencetype to provide more user friendly syntax for references using 'from' fieldEx:APIIDRef: from: name: my-api", Attributes: map[string]schema.Attribute{ "from": schema.SingleNestedAttribute{ - Description: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", - MarkdownDescription: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", + Description: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", + MarkdownDescription: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "", @@ -332,8 +332,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "data_tiering_enabled": schema.BoolAttribute{ - Description: "Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html).", - MarkdownDescription: "Enables data tiering. Data tiering is only supported for replication groups using the r6gd node type. This parameter must be set to true when using r6gd nodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html).", + Description: "Enables data tiering. Data tiering is only supported for replication groupsusing the r6gd node type. This parameter must be set to true when using r6gdnodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html).", + MarkdownDescription: "Enables data tiering. Data tiering is only supported for replication groupsusing the r6gd node type. This parameter must be set to true when using r6gdnodes. For more information, see Data tiering (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/data-tiering.html).", Required: false, Optional: true, Computed: false, @@ -348,16 +348,16 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "engine": schema.StringAttribute{ - Description: "The name of the cache engine to be used for the clusters in this replication group. Must be Redis.", - MarkdownDescription: "The name of the cache engine to be used for the clusters in this replication group. Must be Redis.", + Description: "The name of the cache engine to be used for the clusters in this replicationgroup. Must be Redis.", + MarkdownDescription: "The name of the cache engine to be used for the clusters in this replicationgroup. Must be Redis.", Required: false, Optional: true, Computed: false, }, "engine_version": schema.StringAttribute{ - Description: "The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the DescribeCacheEngineVersions operation. Important: You can upgrade to a newer engine version (see Selecting a Cache Engine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement)) in the ElastiCache User Guide, but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.", - MarkdownDescription: "The version number of the cache engine to be used for the clusters in this replication group. To view the supported cache engine versions, use the DescribeCacheEngineVersions operation. Important: You can upgrade to a newer engine version (see Selecting a Cache Engine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement)) in the ElastiCache User Guide, but you cannot downgrade to an earlier engine version. If you want to use an earlier engine version, you must delete the existing cluster or replication group and create it anew with the earlier engine version.", + Description: "The version number of the cache engine to be used for the clusters in thisreplication group. To view the supported cache engine versions, use the DescribeCacheEngineVersionsoperation.Important: You can upgrade to a newer engine version (see Selecting a CacheEngine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement))in the ElastiCache User Guide, but you cannot downgrade to an earlier engineversion. If you want to use an earlier engine version, you must delete theexisting cluster or replication group and create it anew with the earlierengine version.", + MarkdownDescription: "The version number of the cache engine to be used for the clusters in thisreplication group. To view the supported cache engine versions, use the DescribeCacheEngineVersionsoperation.Important: You can upgrade to a newer engine version (see Selecting a CacheEngine and Version (https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/SelectEngine.html#VersionManagement))in the ElastiCache User Guide, but you cannot downgrade to an earlier engineversion. If you want to use an earlier engine version, you must delete theexisting cluster or replication group and create it anew with the earlierengine version.", Required: false, Optional: true, Computed: false, @@ -377,8 +377,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "destination_details": schema.SingleNestedAttribute{ - Description: "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.", - MarkdownDescription: "Configuration details of either a CloudWatch Logs destination or Kinesis Data Firehose destination.", + Description: "Configuration details of either a CloudWatch Logs destination or KinesisData Firehose destination.", + MarkdownDescription: "Configuration details of either a CloudWatch Logs destination or KinesisData Firehose destination.", Attributes: map[string]schema.Attribute{ "cloud_watch_logs_details": schema.SingleNestedAttribute{ Description: "The configuration details of the CloudWatch Logs destination.", @@ -458,16 +458,16 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "multi_az_enabled": schema.BoolAttribute{ - Description: "A flag indicating if you have Multi-AZ enabled to enhance fault tolerance. For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html).", - MarkdownDescription: "A flag indicating if you have Multi-AZ enabled to enhance fault tolerance. For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html).", + Description: "A flag indicating if you have Multi-AZ enabled to enhance fault tolerance.For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html).", + MarkdownDescription: "A flag indicating if you have Multi-AZ enabled to enhance fault tolerance.For more information, see Minimizing Downtime: Multi-AZ (http://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/AutoFailover.html).", Required: false, Optional: true, Computed: false, }, "node_group_configuration": schema.ListNestedAttribute{ - Description: "A list of node group (shard) configuration options. Each node group (shard) configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones, ReplicaCount, and Slots. If you're creating a Redis (cluster mode disabled) or a Redis (cluster mode enabled) replication group, you can use this parameter to individually configure each node group (shard), or you can omit this parameter. However, it is required when seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. You must configure each node group (shard) using this parameter because you must specify the slots for each node group.", - MarkdownDescription: "A list of node group (shard) configuration options. Each node group (shard) configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones, ReplicaCount, and Slots. If you're creating a Redis (cluster mode disabled) or a Redis (cluster mode enabled) replication group, you can use this parameter to individually configure each node group (shard), or you can omit this parameter. However, it is required when seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. You must configure each node group (shard) using this parameter because you must specify the slots for each node group.", + Description: "A list of node group (shard) configuration options. Each node group (shard)configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones,ReplicaCount, and Slots.If you're creating a Redis (cluster mode disabled) or a Redis (cluster modeenabled) replication group, you can use this parameter to individually configureeach node group (shard), or you can omit this parameter. However, it is requiredwhen seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. Youmust configure each node group (shard) using this parameter because you mustspecify the slots for each node group.", + MarkdownDescription: "A list of node group (shard) configuration options. Each node group (shard)configuration has the following members: PrimaryAvailabilityZone, ReplicaAvailabilityZones,ReplicaCount, and Slots.If you're creating a Redis (cluster mode disabled) or a Redis (cluster modeenabled) replication group, you can use this parameter to individually configureeach node group (shard), or you can omit this parameter. However, it is requiredwhen seeding a Redis (cluster mode enabled) cluster from a S3 rdb file. Youmust configure each node group (shard) using this parameter because you mustspecify the slots for each node group.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "node_group_id": schema.StringAttribute{ @@ -535,16 +535,16 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "notification_topic_arn": schema.StringAttribute{ - Description: "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent. The Amazon SNS topic owner must be the same as the cluster owner.", - MarkdownDescription: "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service (SNS) topic to which notifications are sent. The Amazon SNS topic owner must be the same as the cluster owner.", + Description: "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service(SNS) topic to which notifications are sent.The Amazon SNS topic owner must be the same as the cluster owner.", + MarkdownDescription: "The Amazon Resource Name (ARN) of the Amazon Simple Notification Service(SNS) topic to which notifications are sent.The Amazon SNS topic owner must be the same as the cluster owner.", Required: false, Optional: true, Computed: false, }, "num_node_groups": schema.Int64Attribute{ - Description: "An optional parameter that specifies the number of node groups (shards) for this Redis (cluster mode enabled) replication group. For Redis (cluster mode disabled) either omit this parameter or set it to 1. Default: 1", - MarkdownDescription: "An optional parameter that specifies the number of node groups (shards) for this Redis (cluster mode enabled) replication group. For Redis (cluster mode disabled) either omit this parameter or set it to 1. Default: 1", + Description: "An optional parameter that specifies the number of node groups (shards) forthis Redis (cluster mode enabled) replication group. For Redis (cluster modedisabled) either omit this parameter or set it to 1.Default: 1", + MarkdownDescription: "An optional parameter that specifies the number of node groups (shards) forthis Redis (cluster mode enabled) replication group. For Redis (cluster modedisabled) either omit this parameter or set it to 1.Default: 1", Required: false, Optional: true, Computed: false, @@ -559,8 +559,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "preferred_cache_cluster_a_zs": schema.ListAttribute{ - Description: "A list of EC2 Availability Zones in which the replication group's clusters are created. The order of the Availability Zones in the list is the order in which clusters are allocated. The primary cluster is created in the first AZ in the list. This parameter is not used if there is more than one node group (shard). You should use NodeGroupConfiguration instead. If you are creating your replication group in an Amazon VPC (recommended), you can only locate clusters in Availability Zones associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of NumCacheClusters. Default: system chosen Availability Zones.", - MarkdownDescription: "A list of EC2 Availability Zones in which the replication group's clusters are created. The order of the Availability Zones in the list is the order in which clusters are allocated. The primary cluster is created in the first AZ in the list. This parameter is not used if there is more than one node group (shard). You should use NodeGroupConfiguration instead. If you are creating your replication group in an Amazon VPC (recommended), you can only locate clusters in Availability Zones associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of NumCacheClusters. Default: system chosen Availability Zones.", + Description: "A list of EC2 Availability Zones in which the replication group's clustersare created. The order of the Availability Zones in the list is the orderin which clusters are allocated. The primary cluster is created in the firstAZ in the list.This parameter is not used if there is more than one node group (shard).You should use NodeGroupConfiguration instead.If you are creating your replication group in an Amazon VPC (recommended),you can only locate clusters in Availability Zones associated with the subnetsin the selected subnet group.The number of Availability Zones listed must equal the value of NumCacheClusters.Default: system chosen Availability Zones.", + MarkdownDescription: "A list of EC2 Availability Zones in which the replication group's clustersare created. The order of the Availability Zones in the list is the orderin which clusters are allocated. The primary cluster is created in the firstAZ in the list.This parameter is not used if there is more than one node group (shard).You should use NodeGroupConfiguration instead.If you are creating your replication group in an Amazon VPC (recommended),you can only locate clusters in Availability Zones associated with the subnetsin the selected subnet group.The number of Availability Zones listed must equal the value of NumCacheClusters.Default: system chosen Availability Zones.", ElementType: types.StringType, Required: false, Optional: true, @@ -568,40 +568,40 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "preferred_maintenance_window": schema.StringAttribute{ - Description: "Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: * sun * mon * tue * wed * thu * fri * sat Example: sun:23:00-mon:01:30", - MarkdownDescription: "Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. Valid values for ddd are: * sun * mon * tue * wed * thu * fri * sat Example: sun:23:00-mon:01:30", + Description: "Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period. Validvalues for ddd are:Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period.Valid values for ddd are: * sun * mon * tue * wed * thu * fri * satExample: sun:23:00-mon:01:30", + MarkdownDescription: "Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period. Validvalues for ddd are:Specifies the weekly time range during which maintenance on the cluster isperformed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi(24H Clock UTC). The minimum maintenance window is a 60 minute period.Valid values for ddd are: * sun * mon * tue * wed * thu * fri * satExample: sun:23:00-mon:01:30", Required: false, Optional: true, Computed: false, }, "primary_cluster_id": schema.StringAttribute{ - Description: "The identifier of the cluster that serves as the primary for this replication group. This cluster must already exist and have a status of available. This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroup is specified.", - MarkdownDescription: "The identifier of the cluster that serves as the primary for this replication group. This cluster must already exist and have a status of available. This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroup is specified.", + Description: "The identifier of the cluster that serves as the primary for this replicationgroup. This cluster must already exist and have a status of available.This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroupis specified.", + MarkdownDescription: "The identifier of the cluster that serves as the primary for this replicationgroup. This cluster must already exist and have a status of available.This parameter is not required if NumCacheClusters, NumNodeGroups, or ReplicasPerNodeGroupis specified.", Required: false, Optional: true, Computed: false, }, "replicas_per_node_group": schema.Int64Attribute{ - Description: "An optional parameter that specifies the number of replica nodes in each node group (shard). Valid values are 0 to 5.", - MarkdownDescription: "An optional parameter that specifies the number of replica nodes in each node group (shard). Valid values are 0 to 5.", + Description: "An optional parameter that specifies the number of replica nodes in eachnode group (shard). Valid values are 0 to 5.", + MarkdownDescription: "An optional parameter that specifies the number of replica nodes in eachnode group (shard). Valid values are 0 to 5.", Required: false, Optional: true, Computed: false, }, "replication_group_id": schema.StringAttribute{ - Description: "The replication group identifier. This parameter is stored as a lowercase string. Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens.", - MarkdownDescription: "The replication group identifier. This parameter is stored as a lowercase string. Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens.", + Description: "The replication group identifier. This parameter is stored as a lowercasestring.Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens.", + MarkdownDescription: "The replication group identifier. This parameter is stored as a lowercasestring.Constraints: * A name must contain from 1 to 40 alphanumeric characters or hyphens. * The first character must be a letter. * A name cannot end with a hyphen or contain two consecutive hyphens.", Required: true, Optional: false, Computed: false, }, "security_group_i_ds": schema.ListAttribute{ - Description: "One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud (Amazon VPC).", - MarkdownDescription: "One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud (Amazon VPC).", + Description: "One or more Amazon VPC security groups associated with this replication group.Use this parameter only when you are creating a replication group in an AmazonVirtual Private Cloud (Amazon VPC).", + MarkdownDescription: "One or more Amazon VPC security groups associated with this replication group.Use this parameter only when you are creating a replication group in an AmazonVirtual Private Cloud (Amazon VPC).", ElementType: types.StringType, Required: false, Optional: true, @@ -614,8 +614,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "from": schema.SingleNestedAttribute{ - Description: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", - MarkdownDescription: "AWSResourceReference provides all the values necessary to reference another k8s resource for finding the identifier(Id/ARN/Name)", + Description: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", + MarkdownDescription: "AWSResourceReference provides all the values necessary to reference anotherk8s resource for finding the identifier(Id/ARN/Name)", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "", @@ -637,8 +637,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "snapshot_ar_ns": schema.ListAttribute{ - Description: "A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDB snapshot files stored in Amazon S3. The snapshot files are used to populate the new replication group. The Amazon S3 object name in the ARN cannot contain any commas. The new replication group will have the number of node groups (console: shards) specified by the parameter NumNodeGroups or the number of node groups configured by NodeGroupConfiguration regardless of the number of ARNs specified here. Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb", - MarkdownDescription: "A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDB snapshot files stored in Amazon S3. The snapshot files are used to populate the new replication group. The Amazon S3 object name in the ARN cannot contain any commas. The new replication group will have the number of node groups (console: shards) specified by the parameter NumNodeGroups or the number of node groups configured by NodeGroupConfiguration regardless of the number of ARNs specified here. Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb", + Description: "A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDBsnapshot files stored in Amazon S3. The snapshot files are used to populatethe new replication group. The Amazon S3 object name in the ARN cannot containany commas. The new replication group will have the number of node groups(console: shards) specified by the parameter NumNodeGroups or the numberof node groups configured by NodeGroupConfiguration regardless of the numberof ARNs specified here.Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb", + MarkdownDescription: "A list of Amazon Resource Names (ARN) that uniquely identify the Redis RDBsnapshot files stored in Amazon S3. The snapshot files are used to populatethe new replication group. The Amazon S3 object name in the ARN cannot containany commas. The new replication group will have the number of node groups(console: shards) specified by the parameter NumNodeGroups or the numberof node groups configured by NodeGroupConfiguration regardless of the numberof ARNs specified here.Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb", ElementType: types.StringType, Required: false, Optional: true, @@ -646,32 +646,32 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "snapshot_name": schema.StringAttribute{ - Description: "The name of a snapshot from which to restore data into the new replication group. The snapshot status changes to restoring while the new replication group is being created.", - MarkdownDescription: "The name of a snapshot from which to restore data into the new replication group. The snapshot status changes to restoring while the new replication group is being created.", + Description: "The name of a snapshot from which to restore data into the new replicationgroup. The snapshot status changes to restoring while the new replicationgroup is being created.", + MarkdownDescription: "The name of a snapshot from which to restore data into the new replicationgroup. The snapshot status changes to restoring while the new replicationgroup is being created.", Required: false, Optional: true, Computed: false, }, "snapshot_retention_limit": schema.Int64Attribute{ - Description: "The number of days for which ElastiCache retains automatic snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted. Default: 0 (i.e., automatic backups are disabled for this cluster).", - MarkdownDescription: "The number of days for which ElastiCache retains automatic snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshot that was taken today is retained for 5 days before being deleted. Default: 0 (i.e., automatic backups are disabled for this cluster).", + Description: "The number of days for which ElastiCache retains automatic snapshots beforedeleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshotthat was taken today is retained for 5 days before being deleted.Default: 0 (i.e., automatic backups are disabled for this cluster).", + MarkdownDescription: "The number of days for which ElastiCache retains automatic snapshots beforedeleting them. For example, if you set SnapshotRetentionLimit to 5, a snapshotthat was taken today is retained for 5 days before being deleted.Default: 0 (i.e., automatic backups are disabled for this cluster).", Required: false, Optional: true, Computed: false, }, "snapshot_window": schema.StringAttribute{ - Description: "The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard). Example: 05:00-09:00 If you do not specify this parameter, ElastiCache automatically chooses an appropriate time range.", - MarkdownDescription: "The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard). Example: 05:00-09:00 If you do not specify this parameter, ElastiCache automatically chooses an appropriate time range.", + Description: "The daily time range (in UTC) during which ElastiCache begins taking a dailysnapshot of your node group (shard).Example: 05:00-09:00If you do not specify this parameter, ElastiCache automatically chooses anappropriate time range.", + MarkdownDescription: "The daily time range (in UTC) during which ElastiCache begins taking a dailysnapshot of your node group (shard).Example: 05:00-09:00If you do not specify this parameter, ElastiCache automatically chooses anappropriate time range.", Required: false, Optional: true, Computed: false, }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. Tags are comma-separated key,value pairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags as shown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue. Tags on replication groups will be replicated to all nodes.", - MarkdownDescription: "A list of tags to be added to this resource. Tags are comma-separated key,value pairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags as shown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue. Tags on replication groups will be replicated to all nodes.", + Description: "A list of tags to be added to this resource. Tags are comma-separated key,valuepairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags asshown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue.Tags on replication groups will be replicated to all nodes.", + MarkdownDescription: "A list of tags to be added to this resource. Tags are comma-separated key,valuepairs (e.g. Key=myKey, Value=myKeyValue. You can include multiple tags asshown following: Key=myKey, Value=myKeyValue Key=mySecondKey, Value=mySecondKeyValue.Tags on replication groups will be replicated to all nodes.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -697,8 +697,8 @@ func (r *ElasticacheServicesK8SAwsReplicationGroupV1Alpha1Manifest) Schema(_ con }, "transit_encryption_enabled": schema.BoolAttribute{ - Description: "A flag that enables in-transit encryption when set to true. You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. This parameter is valid only if the Engine parameter is redis, the EngineVersion parameter is 3.2.6, 4.x or later, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup.", - MarkdownDescription: "A flag that enables in-transit encryption when set to true. You cannot modify the value of TransitEncryptionEnabled after the cluster is created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabled to true when you create a cluster. This parameter is valid only if the Engine parameter is redis, the EngineVersion parameter is 3.2.6, 4.x or later, and the cluster is being created in an Amazon VPC. If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup. Required: Only available when creating a replication group in an Amazon VPC using redis version 3.2.6, 4.x or later. Default: false For HIPAA compliance, you must specify TransitEncryptionEnabled as true, an AuthToken, and a CacheSubnetGroup.", + Description: "A flag that enables in-transit encryption when set to true.You cannot modify the value of TransitEncryptionEnabled after the clusteris created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabledto true when you create a cluster.This parameter is valid only if the Engine parameter is redis, the EngineVersionparameter is 3.2.6, 4.x or later, and the cluster is being created in anAmazon VPC.If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: falseFor HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup.", + MarkdownDescription: "A flag that enables in-transit encryption when set to true.You cannot modify the value of TransitEncryptionEnabled after the clusteris created. To enable in-transit encryption on a cluster you must set TransitEncryptionEnabledto true when you create a cluster.This parameter is valid only if the Engine parameter is redis, the EngineVersionparameter is 3.2.6, 4.x or later, and the cluster is being created in anAmazon VPC.If you enable in-transit encryption, you must also specify a value for CacheSubnetGroup.Required: Only available when creating a replication group in an Amazon VPCusing redis version 3.2.6, 4.x or later.Default: falseFor HIPAA compliance, you must specify TransitEncryptionEnabled as true,an AuthToken, and a CacheSubnetGroup.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.go index a46190391..e01416740 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_snapshot_v1alpha1_manifest.go @@ -129,12 +129,12 @@ func (r *ElasticacheServicesK8SAwsSnapshotV1Alpha1Manifest) Schema(_ context.Con }, "spec": schema.SingleNestedAttribute{ - Description: "SnapshotSpec defines the desired state of Snapshot. Represents a copy of an entire Redis cluster as of the time when the snapshot was taken.", - MarkdownDescription: "SnapshotSpec defines the desired state of Snapshot. Represents a copy of an entire Redis cluster as of the time when the snapshot was taken.", + Description: "SnapshotSpec defines the desired state of Snapshot.Represents a copy of an entire Redis cluster as of the time when the snapshotwas taken.", + MarkdownDescription: "SnapshotSpec defines the desired state of Snapshot.Represents a copy of an entire Redis cluster as of the time when the snapshotwas taken.", Attributes: map[string]schema.Attribute{ "cache_cluster_id": schema.StringAttribute{ - Description: "The identifier of an existing cluster. The snapshot is created from this cluster.", - MarkdownDescription: "The identifier of an existing cluster. The snapshot is created from this cluster.", + Description: "The identifier of an existing cluster. The snapshot is created from thiscluster.", + MarkdownDescription: "The identifier of an existing cluster. The snapshot is created from thiscluster.", Required: false, Optional: true, Computed: false, @@ -149,8 +149,8 @@ func (r *ElasticacheServicesK8SAwsSnapshotV1Alpha1Manifest) Schema(_ context.Con }, "replication_group_id": schema.StringAttribute{ - Description: "The identifier of an existing replication group. The snapshot is created from this replication group.", - MarkdownDescription: "The identifier of an existing replication group. The snapshot is created from this replication group.", + Description: "The identifier of an existing replication group. The snapshot is createdfrom this replication group.", + MarkdownDescription: "The identifier of an existing replication group. The snapshot is createdfrom this replication group.", Required: false, Optional: true, Computed: false, @@ -173,8 +173,8 @@ func (r *ElasticacheServicesK8SAwsSnapshotV1Alpha1Manifest) Schema(_ context.Con }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", - MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + Description: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", + MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.go index 7a16ea581..d13dace37 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_group_v1alpha1_manifest.go @@ -139,8 +139,8 @@ func (r *ElasticacheServicesK8SAwsUserGroupV1Alpha1Manifest) Schema(_ context.Co }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", - MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + Description: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", + MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ diff --git a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_v1alpha1_manifest.go b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_v1alpha1_manifest.go index 6662230cc..9844b4e73 100644 --- a/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_v1alpha1_manifest.go +++ b/internal/provider/elasticache_services_k8s_aws_v1alpha1/elasticache_services_k8s_aws_user_v1alpha1_manifest.go @@ -162,8 +162,8 @@ func (r *ElasticacheServicesK8SAwsUserV1Alpha1Manifest) Schema(_ context.Context }, "passwords": schema.ListNestedAttribute{ - Description: "Passwords used for this user. You can create up to two passwords for each user.", - MarkdownDescription: "Passwords used for this user. You can create up to two passwords for each user.", + Description: "Passwords used for this user. You can create up to two passwords for eachuser.", + MarkdownDescription: "Passwords used for this user. You can create up to two passwords for eachuser.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ @@ -197,8 +197,8 @@ func (r *ElasticacheServicesK8SAwsUserV1Alpha1Manifest) Schema(_ context.Context }, "tags": schema.ListNestedAttribute{ - Description: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", - MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. A tag key must be accompanied by a tag value, although null is accepted.", + Description: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", + MarkdownDescription: "A list of tags to be added to this resource. A tag is a key-value pair. Atag key must be accompanied by a tag value, although null is accepted.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "key": schema.StringAttribute{ diff --git a/internal/provider/elasticsearch_k8s_elastic_co_v1/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.go b/internal/provider/elasticsearch_k8s_elastic_co_v1/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.go index 1d2a3c901..59922d3e2 100644 --- a/internal/provider/elasticsearch_k8s_elastic_co_v1/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.go +++ b/internal/provider/elasticsearch_k8s_elastic_co_v1/elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest.go @@ -92,7 +92,8 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -440,7 +441,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -506,12 +511,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -692,7 +698,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -759,12 +769,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -947,7 +958,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1013,12 +1028,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1048,6 +1064,10 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1556,7 +1576,8 @@ type ElasticsearchK8SElasticCoElasticsearchV1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -1998,6 +2019,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2587,8 +2616,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2596,8 +2625,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2754,8 +2783,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2763,8 +2792,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2921,8 +2950,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2930,8 +2959,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3088,8 +3117,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3097,8 +3126,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4289,6 +4318,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4750,8 +4804,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4773,6 +4827,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5968,6 +6030,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6437,8 +6524,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6460,6 +6547,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6497,8 +6592,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7672,6 +7767,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -8133,8 +8253,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -8156,6 +8276,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -8210,8 +8338,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8347,8 +8475,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8369,6 +8497,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8558,8 +8711,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8733,8 +8886,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -9176,8 +9329,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9522,8 +9675,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -10240,8 +10393,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -11099,8 +11252,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -11168,8 +11321,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "conditions": schema.ListNestedAttribute{ - Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", - MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", + Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", + MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "last_probe_time": schema.StringAttribute{ @@ -11203,8 +11356,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont }, "reason": schema.StringAttribute{ - Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", - MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", + Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", + MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", Required: false, Optional: true, Computed: false, @@ -11837,6 +11990,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Manifest) Schema(_ context.Cont Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", diff --git a/internal/provider/elasticsearch_k8s_elastic_co_v1beta1/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.go b/internal/provider/elasticsearch_k8s_elastic_co_v1beta1/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.go index e442cf93e..bac822c90 100644 --- a/internal/provider/elasticsearch_k8s_elastic_co_v1beta1/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.go +++ b/internal/provider/elasticsearch_k8s_elastic_co_v1beta1/elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest.go @@ -84,7 +84,8 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -414,7 +415,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -480,12 +485,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -666,7 +672,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -733,12 +743,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -921,7 +932,11 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -987,12 +1002,13 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1022,6 +1038,10 @@ type ElasticsearchK8SElasticCoElasticsearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1850,6 +1870,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2329,8 +2357,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2338,8 +2366,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2496,8 +2524,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2505,8 +2533,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2663,8 +2691,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2672,8 +2700,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2830,8 +2858,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2839,8 +2867,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4031,6 +4059,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4492,8 +4545,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4515,6 +4568,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5710,6 +5771,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6179,8 +6265,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6202,6 +6288,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6239,8 +6333,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7414,6 +7508,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7875,8 +7994,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7898,6 +8017,14 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7952,8 +8079,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8089,8 +8216,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8111,6 +8238,31 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8300,8 +8452,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8475,8 +8627,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8918,8 +9070,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9264,8 +9416,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9982,8 +10134,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -10841,8 +10993,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -10910,8 +11062,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "conditions": schema.ListNestedAttribute{ - Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", - MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'ResizeStarted'.", + Description: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", + MarkdownDescription: "conditions is the current Condition of persistent volume claim. If underlying persistent volume is beingresized then the Condition will be set to 'Resizing'.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "last_probe_time": schema.StringAttribute{ @@ -10945,8 +11097,8 @@ func (r *ElasticsearchK8SElasticCoElasticsearchV1Beta1Manifest) Schema(_ context }, "reason": schema.StringAttribute{ - Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", - MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'ResizeStarted' that means the underlyingpersistent volume is being resized.", + Description: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", + MarkdownDescription: "reason is a unique, this should be a short, machine understandable string that gives the reasonfor condition's last transition. If it reports 'Resizing' that means the underlyingpersistent volume is being resized.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go b/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go index eaba540bd..7b8db7e74 100644 --- a/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go +++ b/internal/provider/elbv2_k8s_aws_v1beta1/elbv2_k8s_aws_ingress_class_params_v1beta1_manifest.go @@ -42,7 +42,8 @@ type Elbv2K8SAwsIngressClassParamsV1Beta1ManifestData struct { } `tfsdk:"metadata" json:"metadata"` Spec *struct { - Group *struct { + CertficateArn *[]string `tfsdk:"certficate_arn" json:"certficateArn,omitempty"` + Group *struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"group" json:"group,omitempty"` InboundCIDRs *[]string `tfsdk:"inbound_cid_rs" json:"inboundCIDRs,omitempty"` @@ -137,6 +138,15 @@ func (r *Elbv2K8SAwsIngressClassParamsV1Beta1Manifest) Schema(_ context.Context, Description: "IngressClassParamsSpec defines the desired state of IngressClassParams", MarkdownDescription: "IngressClassParamsSpec defines the desired state of IngressClassParams", Attributes: map[string]schema.Attribute{ + "certficate_arn": schema.ListAttribute{ + Description: "CertificateARN specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams.", + MarkdownDescription: "CertificateARN specifies the ARN of the certificates for all Ingresses that belong to IngressClass with this IngressClassParams.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "group": schema.SingleNestedAttribute{ Description: "Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams.", MarkdownDescription: "Group defines the IngressGroup for all Ingresses that belong to IngressClass with this IngressClassParams.", diff --git a/internal/provider/enterprisesearch_k8s_elastic_co_v1/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.go b/internal/provider/enterprisesearch_k8s_elastic_co_v1/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.go index 0d405b434..d5e78bb13 100644 --- a/internal/provider/enterprisesearch_k8s_elastic_co_v1/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.go +++ b/internal/provider/enterprisesearch_k8s_elastic_co_v1/enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest.go @@ -93,7 +93,8 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -419,7 +420,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -485,12 +490,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -671,7 +677,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -738,12 +748,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -926,7 +937,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -992,12 +1007,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1027,6 +1043,10 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1835,6 +1855,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2277,8 +2305,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2286,8 +2314,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2444,8 +2472,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2453,8 +2481,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2611,8 +2639,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2620,8 +2648,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2778,8 +2806,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2787,8 +2815,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3979,6 +4007,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4440,8 +4493,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4463,6 +4516,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5658,6 +5719,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6127,8 +6213,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6150,6 +6236,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6187,8 +6281,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7362,6 +7456,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7823,8 +7942,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7846,6 +7965,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7900,8 +8027,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8037,8 +8164,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8059,6 +8186,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8248,8 +8400,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8423,8 +8575,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8866,8 +9018,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9212,8 +9364,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9930,8 +10082,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Manifest) Schema(_ contex NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/enterprisesearch_k8s_elastic_co_v1beta1/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.go b/internal/provider/enterprisesearch_k8s_elastic_co_v1beta1/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.go index 15ed7bf1e..f95abf318 100644 --- a/internal/provider/enterprisesearch_k8s_elastic_co_v1beta1/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.go +++ b/internal/provider/enterprisesearch_k8s_elastic_co_v1beta1/enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest.go @@ -93,7 +93,8 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -419,7 +420,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -485,12 +490,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -671,7 +677,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -738,12 +748,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -926,7 +937,11 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -992,12 +1007,13 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1027,6 +1043,10 @@ type EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1834,6 +1854,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2276,8 +2304,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2285,8 +2313,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2443,8 +2471,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2452,8 +2480,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2610,8 +2638,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2619,8 +2647,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2777,8 +2805,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2786,8 +2814,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3978,6 +4006,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4439,8 +4492,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4462,6 +4515,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5657,6 +5718,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6126,8 +6212,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6149,6 +6235,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6186,8 +6280,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7361,6 +7455,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7822,8 +7941,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7845,6 +7964,14 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7899,8 +8026,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8036,8 +8163,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8058,6 +8185,31 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8247,8 +8399,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8422,8 +8574,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8865,8 +9017,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9211,8 +9363,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9929,8 +10081,8 @@ func (r *EnterprisesearchK8SElasticCoEnterpriseSearchV1Beta1Manifest) Schema(_ c NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/externaldata_gatekeeper_sh_v1alpha1/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.go b/internal/provider/externaldata_gatekeeper_sh_v1alpha1/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.go index dbc399442..798115a51 100644 --- a/internal/provider/externaldata_gatekeeper_sh_v1alpha1/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.go +++ b/internal/provider/externaldata_gatekeeper_sh_v1alpha1/externaldata_gatekeeper_sh_provider_v1alpha1_manifest.go @@ -114,8 +114,8 @@ func (r *ExternaldataGatekeeperShProviderV1Alpha1Manifest) Schema(_ context.Cont MarkdownDescription: "Spec defines the Provider specifications.", Attributes: map[string]schema.Attribute{ "ca_bundle": schema.StringAttribute{ - Description: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", - MarkdownDescription: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", + Description: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate.", + MarkdownDescription: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/externaldata_gatekeeper_sh_v1beta1/externaldata_gatekeeper_sh_provider_v1beta1_manifest.go b/internal/provider/externaldata_gatekeeper_sh_v1beta1/externaldata_gatekeeper_sh_provider_v1beta1_manifest.go index fd508f3e1..7c64f78f1 100644 --- a/internal/provider/externaldata_gatekeeper_sh_v1beta1/externaldata_gatekeeper_sh_provider_v1beta1_manifest.go +++ b/internal/provider/externaldata_gatekeeper_sh_v1beta1/externaldata_gatekeeper_sh_provider_v1beta1_manifest.go @@ -114,8 +114,8 @@ func (r *ExternaldataGatekeeperShProviderV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "Spec defines the Provider specifications.", Attributes: map[string]schema.Attribute{ "ca_bundle": schema.StringAttribute{ - Description: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", - MarkdownDescription: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format. It is used to verify the signature of the provider's certificate.", + Description: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate.", + MarkdownDescription: "CABundle is a base64-encoded string that contains the TLS CA bundle in PEM format.It is used to verify the signature of the provider's certificate.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/gateway_networking_k8s_io_v1/gateway_networking_k8s_io_gateway_class_v1_manifest.go b/internal/provider/gateway_networking_k8s_io_v1/gateway_networking_k8s_io_gateway_class_v1_manifest.go index faa8ee2d9..a7bc3f867 100644 --- a/internal/provider/gateway_networking_k8s_io_v1/gateway_networking_k8s_io_gateway_class_v1_manifest.go +++ b/internal/provider/gateway_networking_k8s_io_v1/gateway_networking_k8s_io_gateway_class_v1_manifest.go @@ -144,8 +144,8 @@ func (r *GatewayNetworkingK8SIoGatewayClassV1Manifest) Schema(_ context.Context, }, "parameters_ref": schema.SingleNestedAttribute{ - Description: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", - MarkdownDescription: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", + Description: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", + MarkdownDescription: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "Group is the group of the referent.", diff --git a/internal/provider/gateway_networking_k8s_io_v1beta1/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.go b/internal/provider/gateway_networking_k8s_io_v1beta1/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.go index cae2adfff..80f6b4760 100644 --- a/internal/provider/gateway_networking_k8s_io_v1beta1/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.go +++ b/internal/provider/gateway_networking_k8s_io_v1beta1/gateway_networking_k8s_io_gateway_class_v1beta1_manifest.go @@ -144,8 +144,8 @@ func (r *GatewayNetworkingK8SIoGatewayClassV1Beta1Manifest) Schema(_ context.Con }, "parameters_ref": schema.SingleNestedAttribute{ - Description: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", - MarkdownDescription: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, the GatewayClass's 'InvalidParameters'status condition will be true.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", + Description: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", + MarkdownDescription: "ParametersRef is a reference to a resource that contains the configurationparameters corresponding to the GatewayClass. This is optional if thecontroller does not require any additional configuration.ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,or an implementation-specific custom resource. The resource can becluster-scoped or namespace-scoped.If the referent cannot be found, refers to an unsupported kind, or whenthe data within that resource is malformed, the GatewayClass SHOULD berejected with the 'Accepted' status condition set to 'False' and an'InvalidParameters' reason.A Gateway for this GatewayClass may provide its own 'parametersRef'. When both are specified,the merging behavior is implementation specific.It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.Support: Implementation-specific", Attributes: map[string]schema.Attribute{ "group": schema.StringAttribute{ Description: "Group is the group of the referent.", diff --git a/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go b/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go new file mode 100644 index 000000000..31e1a454a --- /dev/null +++ b/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go @@ -0,0 +1,1477 @@ +/* +* SPDX-FileCopyrightText: The terraform-provider-k8s Authors +* SPDX-License-Identifier: 0BSD + */ + +package helm_toolkit_fluxcd_io_v2 + +import ( + "context" + "github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator" + "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/hashicorp/terraform-plugin-framework/datasource/schema" + "github.com/hashicorp/terraform-plugin-framework/schema/validator" + "github.com/hashicorp/terraform-plugin-framework/types" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/metio/terraform-provider-k8s/internal/utilities" + "github.com/metio/terraform-provider-k8s/internal/validators" + "k8s.io/utils/pointer" + "regexp" + "sigs.k8s.io/yaml" +) + +var ( + _ datasource.DataSource = &HelmToolkitFluxcdIoHelmReleaseV2Manifest{} +) + +func NewHelmToolkitFluxcdIoHelmReleaseV2Manifest() datasource.DataSource { + return &HelmToolkitFluxcdIoHelmReleaseV2Manifest{} +} + +type HelmToolkitFluxcdIoHelmReleaseV2Manifest struct{} + +type HelmToolkitFluxcdIoHelmReleaseV2ManifestData struct { + YAML types.String `tfsdk:"yaml" json:"-"` + + ApiVersion *string `tfsdk:"-" json:"apiVersion"` + Kind *string `tfsdk:"-" json:"kind"` + + Metadata struct { + Name string `tfsdk:"name" json:"name"` + Namespace string `tfsdk:"namespace" json:"namespace"` + Labels map[string]string `tfsdk:"labels" json:"labels,omitempty"` + Annotations map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` + } `tfsdk:"metadata" json:"metadata"` + + Spec *struct { + Chart *struct { + Metadata *struct { + Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` + Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` + } `tfsdk:"metadata" json:"metadata,omitempty"` + Spec *struct { + Chart *string `tfsdk:"chart" json:"chart,omitempty"` + IgnoreMissingValuesFiles *bool `tfsdk:"ignore_missing_values_files" json:"ignoreMissingValuesFiles,omitempty"` + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + ReconcileStrategy *string `tfsdk:"reconcile_strategy" json:"reconcileStrategy,omitempty"` + SourceRef *struct { + ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` + Kind *string `tfsdk:"kind" json:"kind,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + } `tfsdk:"source_ref" json:"sourceRef,omitempty"` + ValuesFiles *[]string `tfsdk:"values_files" json:"valuesFiles,omitempty"` + Verify *struct { + Provider *string `tfsdk:"provider" json:"provider,omitempty"` + SecretRef *struct { + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"secret_ref" json:"secretRef,omitempty"` + } `tfsdk:"verify" json:"verify,omitempty"` + Version *string `tfsdk:"version" json:"version,omitempty"` + } `tfsdk:"spec" json:"spec,omitempty"` + } `tfsdk:"chart" json:"chart,omitempty"` + ChartRef *struct { + ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` + Kind *string `tfsdk:"kind" json:"kind,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + } `tfsdk:"chart_ref" json:"chartRef,omitempty"` + DependsOn *[]struct { + Name *string `tfsdk:"name" json:"name,omitempty"` + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + } `tfsdk:"depends_on" json:"dependsOn,omitempty"` + DriftDetection *struct { + Ignore *[]struct { + Paths *[]string `tfsdk:"paths" json:"paths,omitempty"` + Target *struct { + AnnotationSelector *string `tfsdk:"annotation_selector" json:"annotationSelector,omitempty"` + Group *string `tfsdk:"group" json:"group,omitempty"` + Kind *string `tfsdk:"kind" json:"kind,omitempty"` + LabelSelector *string `tfsdk:"label_selector" json:"labelSelector,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Version *string `tfsdk:"version" json:"version,omitempty"` + } `tfsdk:"target" json:"target,omitempty"` + } `tfsdk:"ignore" json:"ignore,omitempty"` + Mode *string `tfsdk:"mode" json:"mode,omitempty"` + } `tfsdk:"drift_detection" json:"driftDetection,omitempty"` + Install *struct { + Crds *string `tfsdk:"crds" json:"crds,omitempty"` + CreateNamespace *bool `tfsdk:"create_namespace" json:"createNamespace,omitempty"` + DisableHooks *bool `tfsdk:"disable_hooks" json:"disableHooks,omitempty"` + DisableOpenAPIValidation *bool `tfsdk:"disable_open_api_validation" json:"disableOpenAPIValidation,omitempty"` + DisableWait *bool `tfsdk:"disable_wait" json:"disableWait,omitempty"` + DisableWaitForJobs *bool `tfsdk:"disable_wait_for_jobs" json:"disableWaitForJobs,omitempty"` + Remediation *struct { + IgnoreTestFailures *bool `tfsdk:"ignore_test_failures" json:"ignoreTestFailures,omitempty"` + RemediateLastFailure *bool `tfsdk:"remediate_last_failure" json:"remediateLastFailure,omitempty"` + Retries *int64 `tfsdk:"retries" json:"retries,omitempty"` + } `tfsdk:"remediation" json:"remediation,omitempty"` + Replace *bool `tfsdk:"replace" json:"replace,omitempty"` + SkipCRDs *bool `tfsdk:"skip_cr_ds" json:"skipCRDs,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + } `tfsdk:"install" json:"install,omitempty"` + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + KubeConfig *struct { + SecretRef *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"secret_ref" json:"secretRef,omitempty"` + } `tfsdk:"kube_config" json:"kubeConfig,omitempty"` + MaxHistory *int64 `tfsdk:"max_history" json:"maxHistory,omitempty"` + PersistentClient *bool `tfsdk:"persistent_client" json:"persistentClient,omitempty"` + PostRenderers *[]struct { + Kustomize *struct { + Images *[]struct { + Digest *string `tfsdk:"digest" json:"digest,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + NewName *string `tfsdk:"new_name" json:"newName,omitempty"` + NewTag *string `tfsdk:"new_tag" json:"newTag,omitempty"` + } `tfsdk:"images" json:"images,omitempty"` + Patches *[]struct { + Patch *string `tfsdk:"patch" json:"patch,omitempty"` + Target *struct { + AnnotationSelector *string `tfsdk:"annotation_selector" json:"annotationSelector,omitempty"` + Group *string `tfsdk:"group" json:"group,omitempty"` + Kind *string `tfsdk:"kind" json:"kind,omitempty"` + LabelSelector *string `tfsdk:"label_selector" json:"labelSelector,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` + Version *string `tfsdk:"version" json:"version,omitempty"` + } `tfsdk:"target" json:"target,omitempty"` + } `tfsdk:"patches" json:"patches,omitempty"` + } `tfsdk:"kustomize" json:"kustomize,omitempty"` + } `tfsdk:"post_renderers" json:"postRenderers,omitempty"` + ReleaseName *string `tfsdk:"release_name" json:"releaseName,omitempty"` + Rollback *struct { + CleanupOnFail *bool `tfsdk:"cleanup_on_fail" json:"cleanupOnFail,omitempty"` + DisableHooks *bool `tfsdk:"disable_hooks" json:"disableHooks,omitempty"` + DisableWait *bool `tfsdk:"disable_wait" json:"disableWait,omitempty"` + DisableWaitForJobs *bool `tfsdk:"disable_wait_for_jobs" json:"disableWaitForJobs,omitempty"` + Force *bool `tfsdk:"force" json:"force,omitempty"` + Recreate *bool `tfsdk:"recreate" json:"recreate,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + } `tfsdk:"rollback" json:"rollback,omitempty"` + ServiceAccountName *string `tfsdk:"service_account_name" json:"serviceAccountName,omitempty"` + StorageNamespace *string `tfsdk:"storage_namespace" json:"storageNamespace,omitempty"` + Suspend *bool `tfsdk:"suspend" json:"suspend,omitempty"` + TargetNamespace *string `tfsdk:"target_namespace" json:"targetNamespace,omitempty"` + Test *struct { + Enable *bool `tfsdk:"enable" json:"enable,omitempty"` + Filters *[]struct { + Exclude *bool `tfsdk:"exclude" json:"exclude,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + } `tfsdk:"filters" json:"filters,omitempty"` + IgnoreFailures *bool `tfsdk:"ignore_failures" json:"ignoreFailures,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + } `tfsdk:"test" json:"test,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + Uninstall *struct { + DeletionPropagation *string `tfsdk:"deletion_propagation" json:"deletionPropagation,omitempty"` + DisableHooks *bool `tfsdk:"disable_hooks" json:"disableHooks,omitempty"` + DisableWait *bool `tfsdk:"disable_wait" json:"disableWait,omitempty"` + KeepHistory *bool `tfsdk:"keep_history" json:"keepHistory,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + } `tfsdk:"uninstall" json:"uninstall,omitempty"` + Upgrade *struct { + CleanupOnFail *bool `tfsdk:"cleanup_on_fail" json:"cleanupOnFail,omitempty"` + Crds *string `tfsdk:"crds" json:"crds,omitempty"` + DisableHooks *bool `tfsdk:"disable_hooks" json:"disableHooks,omitempty"` + DisableOpenAPIValidation *bool `tfsdk:"disable_open_api_validation" json:"disableOpenAPIValidation,omitempty"` + DisableWait *bool `tfsdk:"disable_wait" json:"disableWait,omitempty"` + DisableWaitForJobs *bool `tfsdk:"disable_wait_for_jobs" json:"disableWaitForJobs,omitempty"` + Force *bool `tfsdk:"force" json:"force,omitempty"` + PreserveValues *bool `tfsdk:"preserve_values" json:"preserveValues,omitempty"` + Remediation *struct { + IgnoreTestFailures *bool `tfsdk:"ignore_test_failures" json:"ignoreTestFailures,omitempty"` + RemediateLastFailure *bool `tfsdk:"remediate_last_failure" json:"remediateLastFailure,omitempty"` + Retries *int64 `tfsdk:"retries" json:"retries,omitempty"` + Strategy *string `tfsdk:"strategy" json:"strategy,omitempty"` + } `tfsdk:"remediation" json:"remediation,omitempty"` + Timeout *string `tfsdk:"timeout" json:"timeout,omitempty"` + } `tfsdk:"upgrade" json:"upgrade,omitempty"` + Values *map[string]string `tfsdk:"values" json:"values,omitempty"` + ValuesFrom *[]struct { + Kind *string `tfsdk:"kind" json:"kind,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + TargetPath *string `tfsdk:"target_path" json:"targetPath,omitempty"` + ValuesKey *string `tfsdk:"values_key" json:"valuesKey,omitempty"` + } `tfsdk:"values_from" json:"valuesFrom,omitempty"` + } `tfsdk:"spec" json:"spec,omitempty"` +} + +func (r *HelmToolkitFluxcdIoHelmReleaseV2Manifest) Metadata(_ context.Context, request datasource.MetadataRequest, response *datasource.MetadataResponse) { + response.TypeName = request.ProviderTypeName + "_helm_toolkit_fluxcd_io_helm_release_v2_manifest" +} + +func (r *HelmToolkitFluxcdIoHelmReleaseV2Manifest) Schema(_ context.Context, _ datasource.SchemaRequest, response *datasource.SchemaResponse) { + response.Schema = schema.Schema{ + Description: "HelmRelease is the Schema for the helmreleases API", + MarkdownDescription: "HelmRelease is the Schema for the helmreleases API", + Attributes: map[string]schema.Attribute{ + "yaml": schema.StringAttribute{ + Description: "The generated manifest in YAML format.", + MarkdownDescription: "The generated manifest in YAML format.", + Required: false, + Optional: false, + Computed: true, + }, + + "metadata": schema.SingleNestedAttribute{ + Description: "Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details.", + MarkdownDescription: "Data that helps uniquely identify this object. See https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata for more details.", + Required: true, + Optional: false, + Computed: false, + Attributes: map[string]schema.Attribute{ + "name": schema.StringAttribute{ + Description: "Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.", + MarkdownDescription: "Unique identifier for this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names for more details.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + validators.NameValidator(), + stringvalidator.LengthAtLeast(1), + }, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.", + MarkdownDescription: "Namespaces provides a mechanism for isolating groups of resources within a single cluster. See https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ for more details.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + validators.NameValidator(), + stringvalidator.LengthAtLeast(1), + }, + }, + + "labels": schema.MapAttribute{ + Description: "Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.", + MarkdownDescription: "Keys and values that can be used to organize and categorize objects. See https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ for more details.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + Validators: []validator.Map{ + validators.LabelValidator(), + }, + }, + "annotations": schema.MapAttribute{ + Description: "Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.", + MarkdownDescription: "Keys and values that can be used by external tooling to store and retrieve arbitrary metadata about this object. See https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ for more details.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + Validators: []validator.Map{ + validators.AnnotationValidator(), + }, + }, + }, + }, + + "spec": schema.SingleNestedAttribute{ + Description: "HelmReleaseSpec defines the desired state of a Helm release.", + MarkdownDescription: "HelmReleaseSpec defines the desired state of a Helm release.", + Attributes: map[string]schema.Attribute{ + "chart": schema.SingleNestedAttribute{ + Description: "Chart defines the template of the v1beta2.HelmChart that should be createdfor this HelmRelease.", + MarkdownDescription: "Chart defines the template of the v1beta2.HelmChart that should be createdfor this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "metadata": schema.SingleNestedAttribute{ + Description: "ObjectMeta holds the template for metadata like labels and annotations.", + MarkdownDescription: "ObjectMeta holds the template for metadata like labels and annotations.", + Attributes: map[string]schema.Attribute{ + "annotations": schema.MapAttribute{ + Description: "Annotations is an unstructured key value map stored with a resource that may beset by external tools to store and retrieve arbitrary metadata. They are notqueryable and should be preserved when modifying objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + MarkdownDescription: "Annotations is an unstructured key value map stored with a resource that may beset by external tools to store and retrieve arbitrary metadata. They are notqueryable and should be preserved when modifying objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "labels": schema.MapAttribute{ + Description: "Map of string keys and values that can be used to organize and categorize(scope and select) objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + MarkdownDescription: "Map of string keys and values that can be used to organize and categorize(scope and select) objects.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "spec": schema.SingleNestedAttribute{ + Description: "Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease.", + MarkdownDescription: "Spec holds the template for the v1beta2.HelmChartSpec for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "chart": schema.StringAttribute{ + Description: "The name or path the Helm chart is available at in the SourceRef.", + MarkdownDescription: "The name or path the Helm chart is available at in the SourceRef.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(2048), + }, + }, + + "ignore_missing_values_files": schema.BoolAttribute{ + Description: "IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing.", + MarkdownDescription: "IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing.", + Required: false, + Optional: true, + Computed: false, + }, + + "interval": schema.StringAttribute{ + Description: "Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'.", + MarkdownDescription: "Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + + "reconcile_strategy": schema.StringAttribute{ + Description: "Determines what enables the creation of a new artifact. Valid values are('ChartVersion', 'Revision').See the documentation of the values for an explanation on their behavior.Defaults to ChartVersion when omitted.", + MarkdownDescription: "Determines what enables the creation of a new artifact. Valid values are('ChartVersion', 'Revision').See the documentation of the values for an explanation on their behavior.Defaults to ChartVersion when omitted.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("ChartVersion", "Revision"), + }, + }, + + "source_ref": schema.SingleNestedAttribute{ + Description: "The name and namespace of the v1.Source the chart is available at.", + MarkdownDescription: "The name and namespace of the v1.Source the chart is available at.", + Attributes: map[string]schema.Attribute{ + "api_version": schema.StringAttribute{ + Description: "APIVersion of the referent.", + MarkdownDescription: "APIVersion of the referent.", + Required: false, + Optional: true, + Computed: false, + }, + + "kind": schema.StringAttribute{ + Description: "Kind of the referent.", + MarkdownDescription: "Kind of the referent.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("HelmRepository", "GitRepository", "Bucket"), + }, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.", + MarkdownDescription: "Name of the referent.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(253), + }, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespace of the referent.", + MarkdownDescription: "Namespace of the referent.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(63), + }, + }, + }, + Required: true, + Optional: false, + Computed: false, + }, + + "values_files": schema.ListAttribute{ + Description: "Alternative list of values files to use as the chart values (values.yamlis not included by default), expected to be a relative path in the SourceRef.Values files are merged in the order of this list with the last file overridingthe first. Ignored when omitted.", + MarkdownDescription: "Alternative list of values files to use as the chart values (values.yamlis not included by default), expected to be a relative path in the SourceRef.Values files are merged in the order of this list with the last file overridingthe first. Ignored when omitted.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "verify": schema.SingleNestedAttribute{ + Description: "Verify contains the secret name containing the trusted public keysused to verify the signature and specifies which provider to use to checkwhether OCI image is authentic.This field is only supported for OCI sources.Chart dependencies, which are not bundled in the umbrella chart artifact,are not verified.", + MarkdownDescription: "Verify contains the secret name containing the trusted public keysused to verify the signature and specifies which provider to use to checkwhether OCI image is authentic.This field is only supported for OCI sources.Chart dependencies, which are not bundled in the umbrella chart artifact,are not verified.", + Attributes: map[string]schema.Attribute{ + "provider": schema.StringAttribute{ + Description: "Provider specifies the technology used to sign the OCI Helm chart.", + MarkdownDescription: "Provider specifies the technology used to sign the OCI Helm chart.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("cosign", "notation"), + }, + }, + + "secret_ref": schema.SingleNestedAttribute{ + Description: "SecretRef specifies the Kubernetes Secret containing thetrusted public keys.", + MarkdownDescription: "SecretRef specifies the Kubernetes Secret containing thetrusted public keys.", + Attributes: map[string]schema.Attribute{ + "name": schema.StringAttribute{ + Description: "Name of the referent.", + MarkdownDescription: "Name of the referent.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "version": schema.StringAttribute{ + Description: "Version semver expression, ignored for charts from v1beta2.GitRepository andv1beta2.Bucket sources. Defaults to latest when omitted.", + MarkdownDescription: "Version semver expression, ignored for charts from v1beta2.GitRepository andv1beta2.Bucket sources. Defaults to latest when omitted.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "chart_ref": schema.SingleNestedAttribute{ + Description: "ChartRef holds a reference to a source controller resource containing theHelm chart artifact.", + MarkdownDescription: "ChartRef holds a reference to a source controller resource containing theHelm chart artifact.", + Attributes: map[string]schema.Attribute{ + "api_version": schema.StringAttribute{ + Description: "APIVersion of the referent.", + MarkdownDescription: "APIVersion of the referent.", + Required: false, + Optional: true, + Computed: false, + }, + + "kind": schema.StringAttribute{ + Description: "Kind of the referent.", + MarkdownDescription: "Kind of the referent.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("OCIRepository", "HelmChart"), + }, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.", + MarkdownDescription: "Name of the referent.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(253), + }, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespace of the referent, defaults to the namespace of the Kubernetesresource object that contains the reference.", + MarkdownDescription: "Namespace of the referent, defaults to the namespace of the Kubernetesresource object that contains the reference.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(63), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "depends_on": schema.ListNestedAttribute{ + Description: "DependsOn may contain a meta.NamespacedObjectReference slice withreferences to HelmRelease resources that must be ready before this HelmReleasecan be reconciled.", + MarkdownDescription: "DependsOn may contain a meta.NamespacedObjectReference slice withreferences to HelmRelease resources that must be ready before this HelmReleasecan be reconciled.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "name": schema.StringAttribute{ + Description: "Name of the referent.", + MarkdownDescription: "Name of the referent.", + Required: true, + Optional: false, + Computed: false, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespace of the referent, when not specified it acts as LocalObjectReference.", + MarkdownDescription: "Namespace of the referent, when not specified it acts as LocalObjectReference.", + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "drift_detection": schema.SingleNestedAttribute{ + Description: "DriftDetection holds the configuration for detecting and handlingdifferences between the manifest in the Helm storage and the resourcescurrently existing in the cluster.", + MarkdownDescription: "DriftDetection holds the configuration for detecting and handlingdifferences between the manifest in the Helm storage and the resourcescurrently existing in the cluster.", + Attributes: map[string]schema.Attribute{ + "ignore": schema.ListNestedAttribute{ + Description: "Ignore contains a list of rules for specifying which changes to ignoreduring diffing.", + MarkdownDescription: "Ignore contains a list of rules for specifying which changes to ignoreduring diffing.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "paths": schema.ListAttribute{ + Description: "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded fromconsideration in a Kubernetes object.", + MarkdownDescription: "Paths is a list of JSON Pointer (RFC 6901) paths to be excluded fromconsideration in a Kubernetes object.", + ElementType: types.StringType, + Required: true, + Optional: false, + Computed: false, + }, + + "target": schema.SingleNestedAttribute{ + Description: "Target is a selector for specifying Kubernetes objects to which thisrule applies.If Target is not set, the Paths will be ignored for all Kubernetesobjects within the manifest of the Helm release.", + MarkdownDescription: "Target is a selector for specifying Kubernetes objects to which thisrule applies.If Target is not set, the Paths will be ignored for all Kubernetesobjects within the manifest of the Helm release.", + Attributes: map[string]schema.Attribute{ + "annotation_selector": schema.StringAttribute{ + Description: "AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations.", + MarkdownDescription: "AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations.", + Required: false, + Optional: true, + Computed: false, + }, + + "group": schema.StringAttribute{ + Description: "Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + + "kind": schema.StringAttribute{ + Description: "Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + + "label_selector": schema.StringAttribute{ + Description: "LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels.", + MarkdownDescription: "LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name to match resources with.", + MarkdownDescription: "Name to match resources with.", + Required: false, + Optional: true, + Computed: false, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespace to select resources from.", + MarkdownDescription: "Namespace to select resources from.", + Required: false, + Optional: true, + Computed: false, + }, + + "version": schema.StringAttribute{ + Description: "Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "mode": schema.StringAttribute{ + Description: "Mode defines how differences should be handled between the Helm manifestand the manifest currently applied to the cluster.If not explicitly set, it defaults to DiffModeDisabled.", + MarkdownDescription: "Mode defines how differences should be handled between the Helm manifestand the manifest currently applied to the cluster.If not explicitly set, it defaults to DiffModeDisabled.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("enabled", "warn", "disabled"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "install": schema.SingleNestedAttribute{ + Description: "Install holds the configuration for Helm install actions for this HelmRelease.", + MarkdownDescription: "Install holds the configuration for Helm install actions for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "crds": schema.StringAttribute{ + Description: "CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Create' and if omittedCRDs are installed but not updated.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are applied (installed) during Helm install action.With this option users can opt in to CRD replace existing CRDs on Helminstall actions, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + MarkdownDescription: "CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Create' and if omittedCRDs are installed but not updated.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are applied (installed) during Helm install action.With this option users can opt in to CRD replace existing CRDs on Helminstall actions, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Skip", "Create", "CreateReplace"), + }, + }, + + "create_namespace": schema.BoolAttribute{ + Description: "CreateNamespace tells the Helm install action to create theHelmReleaseSpec.TargetNamespace if it does not exist yet.On uninstall, the namespace will not be garbage collected.", + MarkdownDescription: "CreateNamespace tells the Helm install action to create theHelmReleaseSpec.TargetNamespace if it does not exist yet.On uninstall, the namespace will not be garbage collected.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_hooks": schema.BoolAttribute{ + Description: "DisableHooks prevents hooks from running during the Helm install action.", + MarkdownDescription: "DisableHooks prevents hooks from running during the Helm install action.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_open_api_validation": schema.BoolAttribute{ + Description: "DisableOpenAPIValidation prevents the Helm install action from validatingrendered templates against the Kubernetes OpenAPI Schema.", + MarkdownDescription: "DisableOpenAPIValidation prevents the Helm install action from validatingrendered templates against the Kubernetes OpenAPI Schema.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait": schema.BoolAttribute{ + Description: "DisableWait disables the waiting for resources to be ready after a Helminstall has been performed.", + MarkdownDescription: "DisableWait disables the waiting for resources to be ready after a Helminstall has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait_for_jobs": schema.BoolAttribute{ + Description: "DisableWaitForJobs disables waiting for jobs to complete after a Helminstall has been performed.", + MarkdownDescription: "DisableWaitForJobs disables waiting for jobs to complete after a Helminstall has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "remediation": schema.SingleNestedAttribute{ + Description: "Remediation holds the remediation configuration for when the Helm installaction for the HelmRelease fails. The default is to not perform any action.", + MarkdownDescription: "Remediation holds the remediation configuration for when the Helm installaction for the HelmRelease fails. The default is to not perform any action.", + Attributes: map[string]schema.Attribute{ + "ignore_test_failures": schema.BoolAttribute{ + Description: "IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an install action but fail. Defaults to'Test.IgnoreFailures'.", + MarkdownDescription: "IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an install action but fail. Defaults to'Test.IgnoreFailures'.", + Required: false, + Optional: true, + Computed: false, + }, + + "remediate_last_failure": schema.BoolAttribute{ + Description: "RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false'.", + MarkdownDescription: "RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false'.", + Required: false, + Optional: true, + Computed: false, + }, + + "retries": schema.Int64Attribute{ + Description: "Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using an uninstall, is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries.", + MarkdownDescription: "Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using an uninstall, is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "replace": schema.BoolAttribute{ + Description: "Replace tells the Helm install action to re-use the 'ReleaseName', but onlyif that name is a deleted release which remains in the history.", + MarkdownDescription: "Replace tells the Helm install action to re-use the 'ReleaseName', but onlyif that name is a deleted release which remains in the history.", + Required: false, + Optional: true, + Computed: false, + }, + + "skip_cr_ds": schema.BoolAttribute{ + Description: "SkipCRDs tells the Helm install action to not install any CRDs. By default,CRDs are installed if not already present.Deprecated use CRD policy ('crds') attribute with value 'Skip' instead.", + MarkdownDescription: "SkipCRDs tells the Helm install action to not install any CRDs. By default,CRDs are installed if not already present.Deprecated use CRD policy ('crds') attribute with value 'Skip' instead.", + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm install action. Defaults to'HelmReleaseSpec.Timeout'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm install action. Defaults to'HelmReleaseSpec.Timeout'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "interval": schema.StringAttribute{ + Description: "Interval at which to reconcile the Helm release.", + MarkdownDescription: "Interval at which to reconcile the Helm release.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + + "kube_config": schema.SingleNestedAttribute{ + Description: "KubeConfig for reconciling the HelmRelease on a remote cluster.When used in combination with HelmReleaseSpec.ServiceAccountName,forces the controller to act on behalf of that Service Account at thetarget cluster.If the --default-service-account flag is set, its value will be used asa controller level fallback for when HelmReleaseSpec.ServiceAccountNameis empty.", + MarkdownDescription: "KubeConfig for reconciling the HelmRelease on a remote cluster.When used in combination with HelmReleaseSpec.ServiceAccountName,forces the controller to act on behalf of that Service Account at thetarget cluster.If the --default-service-account flag is set, its value will be used asa controller level fallback for when HelmReleaseSpec.ServiceAccountNameis empty.", + Attributes: map[string]schema.Attribute{ + "secret_ref": schema.SingleNestedAttribute{ + Description: "SecretRef holds the name of a secret that contains a key withthe kubeconfig file as the value. If no key is set, the key will defaultto 'value'.It is recommended that the kubeconfig is self-contained, and the secretis regularly updated if credentials such as a cloud-access-token expire.Cloud specific 'cmd-path' auth helpers will not function without addingbinaries and credentials to the Pod that is responsible for reconcilingKubernetes resources.", + MarkdownDescription: "SecretRef holds the name of a secret that contains a key withthe kubeconfig file as the value. If no key is set, the key will defaultto 'value'.It is recommended that the kubeconfig is self-contained, and the secretis regularly updated if credentials such as a cloud-access-token expire.Cloud specific 'cmd-path' auth helpers will not function without addingbinaries and credentials to the Pod that is responsible for reconcilingKubernetes resources.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "Key in the Secret, when not specified an implementation-specific default key is used.", + MarkdownDescription: "Key in the Secret, when not specified an implementation-specific default key is used.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the Secret.", + MarkdownDescription: "Name of the Secret.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "max_history": schema.Int64Attribute{ + Description: "MaxHistory is the number of revisions saved by Helm for this HelmRelease.Use '0' for an unlimited number of revisions; defaults to '5'.", + MarkdownDescription: "MaxHistory is the number of revisions saved by Helm for this HelmRelease.Use '0' for an unlimited number of revisions; defaults to '5'.", + Required: false, + Optional: true, + Computed: false, + }, + + "persistent_client": schema.BoolAttribute{ + Description: "PersistentClient tells the controller to use a persistent Kubernetesclient for this release. When enabled, the client will be reused for theduration of the reconciliation, instead of being created and destroyedfor each (step of a) Helm action.This can improve performance, but may cause issues with some Helm chartsthat for example do create Custom Resource Definitions during installationoutside Helm's CRD lifecycle hooks, which are then not observed to beavailable by e.g. post-install hooks.If not set, it defaults to true.", + MarkdownDescription: "PersistentClient tells the controller to use a persistent Kubernetesclient for this release. When enabled, the client will be reused for theduration of the reconciliation, instead of being created and destroyedfor each (step of a) Helm action.This can improve performance, but may cause issues with some Helm chartsthat for example do create Custom Resource Definitions during installationoutside Helm's CRD lifecycle hooks, which are then not observed to beavailable by e.g. post-install hooks.If not set, it defaults to true.", + Required: false, + Optional: true, + Computed: false, + }, + + "post_renderers": schema.ListNestedAttribute{ + Description: "PostRenderers holds an array of Helm PostRenderers, which will be applied in orderof their definition.", + MarkdownDescription: "PostRenderers holds an array of Helm PostRenderers, which will be applied in orderof their definition.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "kustomize": schema.SingleNestedAttribute{ + Description: "Kustomization to apply as PostRenderer.", + MarkdownDescription: "Kustomization to apply as PostRenderer.", + Attributes: map[string]schema.Attribute{ + "images": schema.ListNestedAttribute{ + Description: "Images is a list of (image name, new name, new tag or digest)for changing image names, tags or digests. This can also be achieved with apatch, but this operator is simpler to specify.", + MarkdownDescription: "Images is a list of (image name, new name, new tag or digest)for changing image names, tags or digests. This can also be achieved with apatch, but this operator is simpler to specify.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "digest": schema.StringAttribute{ + Description: "Digest is the value used to replace the original image tag.If digest is present NewTag value is ignored.", + MarkdownDescription: "Digest is the value used to replace the original image tag.If digest is present NewTag value is ignored.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name is a tag-less image name.", + MarkdownDescription: "Name is a tag-less image name.", + Required: true, + Optional: false, + Computed: false, + }, + + "new_name": schema.StringAttribute{ + Description: "NewName is the value used to replace the original name.", + MarkdownDescription: "NewName is the value used to replace the original name.", + Required: false, + Optional: true, + Computed: false, + }, + + "new_tag": schema.StringAttribute{ + Description: "NewTag is the value used to replace the original tag.", + MarkdownDescription: "NewTag is the value used to replace the original tag.", + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "patches": schema.ListNestedAttribute{ + Description: "Strategic merge and JSON patches, defined as inline YAML objects,capable of targeting objects based on kind, label and annotation selectors.", + MarkdownDescription: "Strategic merge and JSON patches, defined as inline YAML objects,capable of targeting objects based on kind, label and annotation selectors.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "patch": schema.StringAttribute{ + Description: "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch withan array of operation objects.", + MarkdownDescription: "Patch contains an inline StrategicMerge patch or an inline JSON6902 patch withan array of operation objects.", + Required: true, + Optional: false, + Computed: false, + }, + + "target": schema.SingleNestedAttribute{ + Description: "Target points to the resources that the patch document should be applied to.", + MarkdownDescription: "Target points to the resources that the patch document should be applied to.", + Attributes: map[string]schema.Attribute{ + "annotation_selector": schema.StringAttribute{ + Description: "AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations.", + MarkdownDescription: "AnnotationSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource annotations.", + Required: false, + Optional: true, + Computed: false, + }, + + "group": schema.StringAttribute{ + Description: "Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Group is the API group to select resources from.Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + + "kind": schema.StringAttribute{ + Description: "Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Kind of the API Group to select resources from.Together with Group and Version it is capable of unambiguouslyidentifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + + "label_selector": schema.StringAttribute{ + Description: "LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels.", + MarkdownDescription: "LabelSelector is a string that follows the label selection expressionhttps://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#apiIt matches with the resource labels.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name to match resources with.", + MarkdownDescription: "Name to match resources with.", + Required: false, + Optional: true, + Computed: false, + }, + + "namespace": schema.StringAttribute{ + Description: "Namespace to select resources from.", + MarkdownDescription: "Namespace to select resources from.", + Required: false, + Optional: true, + Computed: false, + }, + + "version": schema.StringAttribute{ + Description: "Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + MarkdownDescription: "Version of the API Group to select resources from.Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources.https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "release_name": schema.StringAttribute{ + Description: "ReleaseName used for the Helm release. Defaults to a composition of'[TargetNamespace-]Name'.", + MarkdownDescription: "ReleaseName used for the Helm release. Defaults to a composition of'[TargetNamespace-]Name'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(53), + }, + }, + + "rollback": schema.SingleNestedAttribute{ + Description: "Rollback holds the configuration for Helm rollback actions for this HelmRelease.", + MarkdownDescription: "Rollback holds the configuration for Helm rollback actions for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "cleanup_on_fail": schema.BoolAttribute{ + Description: "CleanupOnFail allows deletion of new resources created during the Helmrollback action when it fails.", + MarkdownDescription: "CleanupOnFail allows deletion of new resources created during the Helmrollback action when it fails.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_hooks": schema.BoolAttribute{ + Description: "DisableHooks prevents hooks from running during the Helm rollback action.", + MarkdownDescription: "DisableHooks prevents hooks from running during the Helm rollback action.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait": schema.BoolAttribute{ + Description: "DisableWait disables the waiting for resources to be ready after a Helmrollback has been performed.", + MarkdownDescription: "DisableWait disables the waiting for resources to be ready after a Helmrollback has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait_for_jobs": schema.BoolAttribute{ + Description: "DisableWaitForJobs disables waiting for jobs to complete after a Helmrollback has been performed.", + MarkdownDescription: "DisableWaitForJobs disables waiting for jobs to complete after a Helmrollback has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "force": schema.BoolAttribute{ + Description: "Force forces resource updates through a replacement strategy.", + MarkdownDescription: "Force forces resource updates through a replacement strategy.", + Required: false, + Optional: true, + Computed: false, + }, + + "recreate": schema.BoolAttribute{ + Description: "Recreate performs pod restarts for the resource if applicable.", + MarkdownDescription: "Recreate performs pod restarts for the resource if applicable.", + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm rollback action. Defaults to'HelmReleaseSpec.Timeout'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm rollback action. Defaults to'HelmReleaseSpec.Timeout'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "service_account_name": schema.StringAttribute{ + Description: "The name of the Kubernetes service account to impersonatewhen reconciling this HelmRelease.", + MarkdownDescription: "The name of the Kubernetes service account to impersonatewhen reconciling this HelmRelease.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(253), + }, + }, + + "storage_namespace": schema.StringAttribute{ + Description: "StorageNamespace used for the Helm storage.Defaults to the namespace of the HelmRelease.", + MarkdownDescription: "StorageNamespace used for the Helm storage.Defaults to the namespace of the HelmRelease.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(63), + }, + }, + + "suspend": schema.BoolAttribute{ + Description: "Suspend tells the controller to suspend reconciliation for this HelmRelease,it does not apply to already started reconciliations. Defaults to false.", + MarkdownDescription: "Suspend tells the controller to suspend reconciliation for this HelmRelease,it does not apply to already started reconciliations. Defaults to false.", + Required: false, + Optional: true, + Computed: false, + }, + + "target_namespace": schema.StringAttribute{ + Description: "TargetNamespace to target when performing operations for the HelmRelease.Defaults to the namespace of the HelmRelease.", + MarkdownDescription: "TargetNamespace to target when performing operations for the HelmRelease.Defaults to the namespace of the HelmRelease.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(63), + }, + }, + + "test": schema.SingleNestedAttribute{ + Description: "Test holds the configuration for Helm test actions for this HelmRelease.", + MarkdownDescription: "Test holds the configuration for Helm test actions for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "enable": schema.BoolAttribute{ + Description: "Enable enables Helm test actions for this HelmRelease after an Helm installor upgrade action has been performed.", + MarkdownDescription: "Enable enables Helm test actions for this HelmRelease after an Helm installor upgrade action has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "filters": schema.ListNestedAttribute{ + Description: "Filters is a list of tests to run or exclude from running.", + MarkdownDescription: "Filters is a list of tests to run or exclude from running.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "exclude": schema.BoolAttribute{ + Description: "Exclude specifies whether the named test should be excluded.", + MarkdownDescription: "Exclude specifies whether the named test should be excluded.", + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name is the name of the test.", + MarkdownDescription: "Name is the name of the test.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(253), + }, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "ignore_failures": schema.BoolAttribute{ + Description: "IgnoreFailures tells the controller to skip remediation when the Helm testsare run but fail. Can be overwritten for tests run after install or upgradeactions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", + MarkdownDescription: "IgnoreFailures tells the controller to skip remediation when the Helm testsare run but fail. Can be overwritten for tests run after install or upgradeactions in 'Install.IgnoreTestFailures' and 'Upgrade.IgnoreTestFailures'.", + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation duringthe performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation duringthe performance of a Helm test action. Defaults to 'HelmReleaseSpec.Timeout'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation (like Jobsfor hooks) during the performance of a Helm action. Defaults to '5m0s'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation (like Jobsfor hooks) during the performance of a Helm action. Defaults to '5m0s'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + + "uninstall": schema.SingleNestedAttribute{ + Description: "Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.", + MarkdownDescription: "Uninstall holds the configuration for Helm uninstall actions for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "deletion_propagation": schema.StringAttribute{ + Description: "DeletionPropagation specifies the deletion propagation policy whena Helm uninstall is performed.", + MarkdownDescription: "DeletionPropagation specifies the deletion propagation policy whena Helm uninstall is performed.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("background", "foreground", "orphan"), + }, + }, + + "disable_hooks": schema.BoolAttribute{ + Description: "DisableHooks prevents hooks from running during the Helm rollback action.", + MarkdownDescription: "DisableHooks prevents hooks from running during the Helm rollback action.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait": schema.BoolAttribute{ + Description: "DisableWait disables waiting for all the resources to be deleted aftera Helm uninstall is performed.", + MarkdownDescription: "DisableWait disables waiting for all the resources to be deleted aftera Helm uninstall is performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "keep_history": schema.BoolAttribute{ + Description: "KeepHistory tells Helm to remove all associated resources and mark therelease as deleted, but retain the release history.", + MarkdownDescription: "KeepHistory tells Helm to remove all associated resources and mark therelease as deleted, but retain the release history.", + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm uninstall action. Defaultsto 'HelmReleaseSpec.Timeout'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm uninstall action. Defaultsto 'HelmReleaseSpec.Timeout'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "upgrade": schema.SingleNestedAttribute{ + Description: "Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.", + MarkdownDescription: "Upgrade holds the configuration for Helm upgrade actions for this HelmRelease.", + Attributes: map[string]schema.Attribute{ + "cleanup_on_fail": schema.BoolAttribute{ + Description: "CleanupOnFail allows deletion of new resources created during the Helmupgrade action when it fails.", + MarkdownDescription: "CleanupOnFail allows deletion of new resources created during the Helmupgrade action when it fails.", + Required: false, + Optional: true, + Computed: false, + }, + + "crds": schema.StringAttribute{ + Description: "CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Skip' and if omittedCRDs are neither installed nor upgraded.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are not applied during Helm upgrade action. With thisoption users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + MarkdownDescription: "CRDs upgrade CRDs from the Helm Chart's crds directory accordingto the CRD upgrade policy provided here. Valid values are 'Skip','Create' or 'CreateReplace'. Default is 'Skip' and if omittedCRDs are neither installed nor upgraded.Skip: do neither install nor replace (update) any CRDs.Create: new CRDs are created, existing CRDs are neither updated nor deleted.CreateReplace: new CRDs are created, existing CRDs are updated (replaced)but not deleted.By default, CRDs are not applied during Helm upgrade action. With thisoption users can opt-in to CRD upgrade, which is not (yet) natively supported by Helm.https://helm.sh/docs/chart_best_practices/custom_resource_definitions.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Skip", "Create", "CreateReplace"), + }, + }, + + "disable_hooks": schema.BoolAttribute{ + Description: "DisableHooks prevents hooks from running during the Helm upgrade action.", + MarkdownDescription: "DisableHooks prevents hooks from running during the Helm upgrade action.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_open_api_validation": schema.BoolAttribute{ + Description: "DisableOpenAPIValidation prevents the Helm upgrade action from validatingrendered templates against the Kubernetes OpenAPI Schema.", + MarkdownDescription: "DisableOpenAPIValidation prevents the Helm upgrade action from validatingrendered templates against the Kubernetes OpenAPI Schema.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait": schema.BoolAttribute{ + Description: "DisableWait disables the waiting for resources to be ready after a Helmupgrade has been performed.", + MarkdownDescription: "DisableWait disables the waiting for resources to be ready after a Helmupgrade has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "disable_wait_for_jobs": schema.BoolAttribute{ + Description: "DisableWaitForJobs disables waiting for jobs to complete after a Helmupgrade has been performed.", + MarkdownDescription: "DisableWaitForJobs disables waiting for jobs to complete after a Helmupgrade has been performed.", + Required: false, + Optional: true, + Computed: false, + }, + + "force": schema.BoolAttribute{ + Description: "Force forces resource updates through a replacement strategy.", + MarkdownDescription: "Force forces resource updates through a replacement strategy.", + Required: false, + Optional: true, + Computed: false, + }, + + "preserve_values": schema.BoolAttribute{ + Description: "PreserveValues will make Helm reuse the last release's values and merge inoverrides from 'Values'. Setting this flag makes the HelmReleasenon-declarative.", + MarkdownDescription: "PreserveValues will make Helm reuse the last release's values and merge inoverrides from 'Values'. Setting this flag makes the HelmReleasenon-declarative.", + Required: false, + Optional: true, + Computed: false, + }, + + "remediation": schema.SingleNestedAttribute{ + Description: "Remediation holds the remediation configuration for when the Helm upgradeaction for the HelmRelease fails. The default is to not perform any action.", + MarkdownDescription: "Remediation holds the remediation configuration for when the Helm upgradeaction for the HelmRelease fails. The default is to not perform any action.", + Attributes: map[string]schema.Attribute{ + "ignore_test_failures": schema.BoolAttribute{ + Description: "IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an upgrade action but fail.Defaults to 'Test.IgnoreFailures'.", + MarkdownDescription: "IgnoreTestFailures tells the controller to skip remediation when the Helmtests are run after an upgrade action but fail.Defaults to 'Test.IgnoreFailures'.", + Required: false, + Optional: true, + Computed: false, + }, + + "remediate_last_failure": schema.BoolAttribute{ + Description: "RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", + MarkdownDescription: "RemediateLastFailure tells the controller to remediate the last failure, whenno retries remain. Defaults to 'false' unless 'Retries' is greater than 0.", + Required: false, + Optional: true, + Computed: false, + }, + + "retries": schema.Int64Attribute{ + Description: "Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using 'Strategy', is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries.", + MarkdownDescription: "Retries is the number of retries that should be attempted on failures beforebailing. Remediation, using 'Strategy', is performed between each attempt.Defaults to '0', a negative integer equals to unlimited retries.", + Required: false, + Optional: true, + Computed: false, + }, + + "strategy": schema.StringAttribute{ + Description: "Strategy to use for failure remediation. Defaults to 'rollback'.", + MarkdownDescription: "Strategy to use for failure remediation. Defaults to 'rollback'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("rollback", "uninstall"), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "timeout": schema.StringAttribute{ + Description: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm upgrade action. Defaults to'HelmReleaseSpec.Timeout'.", + MarkdownDescription: "Timeout is the time to wait for any individual Kubernetes operation (likeJobs for hooks) during the performance of a Helm upgrade action. Defaults to'HelmReleaseSpec.Timeout'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.RegexMatches(regexp.MustCompile(`^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$`), ""), + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "values": schema.MapAttribute{ + Description: "Values holds the values for this Helm release.", + MarkdownDescription: "Values holds the values for this Helm release.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "values_from": schema.ListNestedAttribute{ + Description: "ValuesFrom holds references to resources containing Helm values for this HelmRelease,and information about how they should be merged.", + MarkdownDescription: "ValuesFrom holds references to resources containing Helm values for this HelmRelease,and information about how they should be merged.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "kind": schema.StringAttribute{ + Description: "Kind of the values referent, valid values are ('Secret', 'ConfigMap').", + MarkdownDescription: "Kind of the values referent, valid values are ('Secret', 'ConfigMap').", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("Secret", "ConfigMap"), + }, + }, + + "name": schema.StringAttribute{ + Description: "Name of the values referent. Should reside in the same namespace as thereferring resource.", + MarkdownDescription: "Name of the values referent. Should reside in the same namespace as thereferring resource.", + Required: true, + Optional: false, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + stringvalidator.LengthAtMost(253), + }, + }, + + "optional": schema.BoolAttribute{ + Description: "Optional marks this ValuesReference as optional. When set, a not found errorfor the values reference is ignored, but any ValuesKey, TargetPath ortransient error will still result in a reconciliation failure.", + MarkdownDescription: "Optional marks this ValuesReference as optional. When set, a not found errorfor the values reference is ignored, but any ValuesKey, TargetPath ortransient error will still result in a reconciliation failure.", + Required: false, + Optional: true, + Computed: false, + }, + + "target_path": schema.StringAttribute{ + Description: "TargetPath is the YAML dot notation path the value should be merged at. Whenset, the ValuesKey is expected to be a single flat value. Defaults to 'None',which results in the values getting merged at the root.", + MarkdownDescription: "TargetPath is the YAML dot notation path the value should be merged at. Whenset, the ValuesKey is expected to be a single flat value. Defaults to 'None',which results in the values getting merged at the root.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(250), + stringvalidator.RegexMatches(regexp.MustCompile(`^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$`), ""), + }, + }, + + "values_key": schema.StringAttribute{ + Description: "ValuesKey is the data key where the values.yaml or a specific value can befound at. Defaults to 'values.yaml'.", + MarkdownDescription: "ValuesKey is the data key where the values.yaml or a specific value can befound at. Defaults to 'values.yaml'.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtMost(253), + stringvalidator.RegexMatches(regexp.MustCompile(`^[\-._a-zA-Z0-9]+$`), ""), + }, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + } +} + +func (r *HelmToolkitFluxcdIoHelmReleaseV2Manifest) Read(ctx context.Context, request datasource.ReadRequest, response *datasource.ReadResponse) { + tflog.Debug(ctx, "Read resource k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest") + + var model HelmToolkitFluxcdIoHelmReleaseV2ManifestData + response.Diagnostics.Append(request.Config.Get(ctx, &model)...) + if response.Diagnostics.HasError() { + return + } + + model.ApiVersion = pointer.String("helm.toolkit.fluxcd.io/v2") + model.Kind = pointer.String("HelmRelease") + + y, err := yaml.Marshal(model) + if err != nil { + response.Diagnostics.Append(utilities.MarshalYamlError(err)) + return + } + model.YAML = types.StringValue(string(y)) + + response.Diagnostics.Append(response.State.Set(ctx, &model)...) +} diff --git a/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go b/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go new file mode 100644 index 000000000..6dd0463c8 --- /dev/null +++ b/internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go @@ -0,0 +1,31 @@ +/* +* SPDX-FileCopyrightText: The terraform-provider-k8s Authors +* SPDX-License-Identifier: 0BSD + */ + +package helm_toolkit_fluxcd_io_v2_test + +import ( + "context" + fwdatasource "github.com/hashicorp/terraform-plugin-framework/datasource" + "github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2" + "testing" +) + +func TestHelmToolkitFluxcdIoHelmReleaseV2Manifest_ValidateSchema(t *testing.T) { + ctx := context.Background() + schemaRequest := fwdatasource.SchemaRequest{} + schemaResponse := &fwdatasource.SchemaResponse{} + + helm_toolkit_fluxcd_io_v2.NewHelmToolkitFluxcdIoHelmReleaseV2Manifest().Schema(ctx, schemaRequest, schemaResponse) + + if schemaResponse.Diagnostics.HasError() { + t.Fatalf("Schema method diagnostics: %+v", schemaResponse.Diagnostics) + } + + diagnostics := schemaResponse.Schema.ValidateImplementation(ctx) + + if diagnostics.HasError() { + t.Fatalf("Schema validation diagnostics: %+v", diagnostics) + } +} diff --git a/internal/provider/helm_toolkit_fluxcd_io_v2beta2/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.go b/internal/provider/helm_toolkit_fluxcd_io_v2beta2/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.go index 96d382caf..f610b0531 100644 --- a/internal/provider/helm_toolkit_fluxcd_io_v2beta2/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.go +++ b/internal/provider/helm_toolkit_fluxcd_io_v2beta2/helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest.go @@ -50,10 +50,11 @@ type HelmToolkitFluxcdIoHelmReleaseV2Beta2ManifestData struct { Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` } `tfsdk:"metadata" json:"metadata,omitempty"` Spec *struct { - Chart *string `tfsdk:"chart" json:"chart,omitempty"` - Interval *string `tfsdk:"interval" json:"interval,omitempty"` - ReconcileStrategy *string `tfsdk:"reconcile_strategy" json:"reconcileStrategy,omitempty"` - SourceRef *struct { + Chart *string `tfsdk:"chart" json:"chart,omitempty"` + IgnoreMissingValuesFiles *bool `tfsdk:"ignore_missing_values_files" json:"ignoreMissingValuesFiles,omitempty"` + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + ReconcileStrategy *string `tfsdk:"reconcile_strategy" json:"reconcileStrategy,omitempty"` + SourceRef *struct { ApiVersion *string `tfsdk:"api_version" json:"apiVersion,omitempty"` Kind *string `tfsdk:"kind" json:"kind,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` @@ -343,6 +344,14 @@ func (r *HelmToolkitFluxcdIoHelmReleaseV2Beta2Manifest) Schema(_ context.Context }, }, + "ignore_missing_values_files": schema.BoolAttribute{ + Description: "IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing.", + MarkdownDescription: "IgnoreMissingValuesFiles controls whether to silently ignore missing values files rather than failing.", + Required: false, + Optional: true, + Computed: false, + }, + "interval": schema.StringAttribute{ Description: "Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'.", MarkdownDescription: "Interval at which to check the v1.Source for updates. Defaults to'HelmReleaseSpec.Interval'.", diff --git a/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.go b/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.go index c2777b47e..e770819e4 100644 --- a/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.go +++ b/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest.go @@ -377,8 +377,8 @@ func (r *InfrastructureClusterXK8SIoTinkerbellMachineTemplateV1Beta1Manifest) Sc }, "template_override": schema.StringAttribute{ - Description: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/", - MarkdownDescription: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/", + Description: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/", + MarkdownDescription: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.go b/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.go index fce0c0034..e930180b9 100644 --- a/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.go +++ b/internal/provider/infrastructure_cluster_x_k8s_io_v1beta1/infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest.go @@ -365,8 +365,8 @@ func (r *InfrastructureClusterXK8SIoTinkerbellMachineV1Beta1Manifest) Schema(_ c }, "template_override": schema.StringAttribute{ - Description: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/", - MarkdownDescription: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://docs.tinkerbell.org/templates/", + Description: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/", + MarkdownDescription: "TemplateOverride overrides the default Tinkerbell template used by CAPT.You can learn more about Tinkerbell templates here: https://tinkerbell.org/docs/concepts/templates/", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/jobset_x_k8s_io_v1alpha2/jobset_x_k8s_io_job_set_v1alpha2_manifest.go b/internal/provider/jobset_x_k8s_io_v1alpha2/jobset_x_k8s_io_job_set_v1alpha2_manifest.go index a8e3eebb2..410036eea 100644 --- a/internal/provider/jobset_x_k8s_io_v1alpha2/jobset_x_k8s_io_job_set_v1alpha2_manifest.go +++ b/internal/provider/jobset_x_k8s_io_v1alpha2/jobset_x_k8s_io_job_set_v1alpha2_manifest.go @@ -1493,8 +1493,8 @@ func (r *JobsetXK8SIoJobSetV1Alpha2Manifest) Schema(_ context.Context, _ datasou }, "managed_by": schema.StringAttribute{ - Description: "ManagedBy is used to indicate the controller or entity that manages a JobSet", - MarkdownDescription: "ManagedBy is used to indicate the controller or entity that manages a JobSet", + Description: "ManagedBy is used to indicate the controller or entity that manages a JobSet.The built-in JobSet controller reconciles JobSets which don't have thisfield at all or the field value is the reserved string'jobset.sigs.k8s.io/jobset-controller', but skips reconciling JobSetswith a custom value for this field.The value must be a valid domain-prefixed path (e.g. acme.io/foo) -all characters before the first '/' must be a valid subdomain as definedby RFC 1123. All characters trailing the first '/' must be valid HTTP Pathcharacters as defined by RFC 3986. The value cannot exceed 63 characters.The field is immutable.", + MarkdownDescription: "ManagedBy is used to indicate the controller or entity that manages a JobSet.The built-in JobSet controller reconciles JobSets which don't have thisfield at all or the field value is the reserved string'jobset.sigs.k8s.io/jobset-controller', but skips reconciling JobSetswith a custom value for this field.The value must be a valid domain-prefixed path (e.g. acme.io/foo) -all characters before the first '/' must be a valid subdomain as definedby RFC 1123. All characters trailing the first '/' must be valid HTTP Pathcharacters as defined by RFC 3986. The value cannot exceed 63 characters.The field is immutable.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_data_store_v1alpha1_manifest.go b/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_data_store_v1alpha1_manifest.go index d078c8318..d26d917c2 100644 --- a/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_data_store_v1alpha1_manifest.go +++ b/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_data_store_v1alpha1_manifest.go @@ -310,8 +310,8 @@ func (r *KamajiClastixIoDataStoreV1Alpha1Manifest) Schema(_ context.Context, _ d }, "tls_config": schema.SingleNestedAttribute{ - Description: "Defines the TLS/SSL configuration required to connect to the data store in a secure way.", - MarkdownDescription: "Defines the TLS/SSL configuration required to connect to the data store in a secure way.", + Description: "Defines the TLS/SSL configuration required to connect to the data store in a secure way.This value is optional.", + MarkdownDescription: "Defines the TLS/SSL configuration required to connect to the data store in a secure way.This value is optional.", Attributes: map[string]schema.Attribute{ "certificate_authority": schema.SingleNestedAttribute{ Description: "Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference.The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this.", @@ -550,13 +550,13 @@ func (r *KamajiClastixIoDataStoreV1Alpha1Manifest) Schema(_ context.Context, _ d Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, - Required: true, - Optional: false, + Required: false, + Optional: true, Computed: false, }, }, diff --git a/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.go b/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.go index 2a75a82cf..a8a002aee 100644 --- a/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.go +++ b/internal/provider/kamaji_clastix_io_v1alpha1/kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest.go @@ -50,9 +50,16 @@ type KamajiClastixIoTenantControlPlaneV1Alpha1ManifestData struct { } `tfsdk:"core_dns" json:"coreDNS,omitempty"` Konnectivity *struct { Agent *struct { - ExtraArgs *[]string `tfsdk:"extra_args" json:"extraArgs,omitempty"` - Image *string `tfsdk:"image" json:"image,omitempty"` - Version *string `tfsdk:"version" json:"version,omitempty"` + ExtraArgs *[]string `tfsdk:"extra_args" json:"extraArgs,omitempty"` + Image *string `tfsdk:"image" json:"image,omitempty"` + Tolerations *[]struct { + Effect *string `tfsdk:"effect" json:"effect,omitempty"` + Key *string `tfsdk:"key" json:"key,omitempty"` + Operator *string `tfsdk:"operator" json:"operator,omitempty"` + TolerationSeconds *int64 `tfsdk:"toleration_seconds" json:"tolerationSeconds,omitempty"` + Value *string `tfsdk:"value" json:"value,omitempty"` + } `tfsdk:"tolerations" json:"tolerations,omitempty"` + Version *string `tfsdk:"version" json:"version,omitempty"` } `tfsdk:"agent" json:"agent,omitempty"` Server *struct { ExtraArgs *[]string `tfsdk:"extra_args" json:"extraArgs,omitempty"` @@ -1287,6 +1294,57 @@ func (r *KamajiClastixIoTenantControlPlaneV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "tolerations": schema.ListNestedAttribute{ + Description: "Tolerations for the deployed agent.Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted.", + MarkdownDescription: "Tolerations for the deployed agent.Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "effect": schema.StringAttribute{ + Description: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + MarkdownDescription: "Effect indicates the taint effect to match. Empty means match all taint effects.When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", + Required: false, + Optional: true, + Computed: false, + }, + + "key": schema.StringAttribute{ + Description: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + MarkdownDescription: "Key is the taint key that the toleration applies to. Empty means match all taint keys.If the key is empty, operator must be Exists; this combination means to match all values and all keys.", + Required: false, + Optional: true, + Computed: false, + }, + + "operator": schema.StringAttribute{ + Description: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + MarkdownDescription: "Operator represents a key's relationship to the value.Valid operators are Exists and Equal. Defaults to Equal.Exists is equivalent to wildcard for value, so that a pod cantolerate all taints of a particular category.", + Required: false, + Optional: true, + Computed: false, + }, + + "toleration_seconds": schema.Int64Attribute{ + Description: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + MarkdownDescription: "TolerationSeconds represents the period of time the toleration (which must beof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,it is not set, which means tolerate the taint forever (do not evict). Zero andnegative values will be treated as 0 (evict immediately) by the system.", + Required: false, + Optional: true, + Computed: false, + }, + + "value": schema.StringAttribute{ + Description: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + MarkdownDescription: "Value is the taint value the toleration matches to.If the operator is Exists, the value should be empty, otherwise just a regular string.", + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "version": schema.StringAttribute{ Description: "Version for Konnectivity agent.", MarkdownDescription: "Version for Konnectivity agent.", diff --git a/internal/provider/keda_sh_v1alpha1/keda_sh_cluster_trigger_authentication_v1alpha1_manifest.go b/internal/provider/keda_sh_v1alpha1/keda_sh_cluster_trigger_authentication_v1alpha1_manifest.go index 7f238a7e0..124231700 100644 --- a/internal/provider/keda_sh_v1alpha1/keda_sh_cluster_trigger_authentication_v1alpha1_manifest.go +++ b/internal/provider/keda_sh_v1alpha1/keda_sh_cluster_trigger_authentication_v1alpha1_manifest.go @@ -448,7 +448,7 @@ func (r *KedaShClusterTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Co Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -672,7 +672,7 @@ func (r *KedaShClusterTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Co Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -909,7 +909,7 @@ func (r *KedaShClusterTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Co Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -1194,7 +1194,7 @@ func (r *KedaShClusterTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Co Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, diff --git a/internal/provider/keda_sh_v1alpha1/keda_sh_trigger_authentication_v1alpha1_manifest.go b/internal/provider/keda_sh_v1alpha1/keda_sh_trigger_authentication_v1alpha1_manifest.go index fd1ed97d4..398c0a3f4 100644 --- a/internal/provider/keda_sh_v1alpha1/keda_sh_trigger_authentication_v1alpha1_manifest.go +++ b/internal/provider/keda_sh_v1alpha1/keda_sh_trigger_authentication_v1alpha1_manifest.go @@ -461,7 +461,7 @@ func (r *KedaShTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Context, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -685,7 +685,7 @@ func (r *KedaShTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Context, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -922,7 +922,7 @@ func (r *KedaShTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Context, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, @@ -1207,7 +1207,7 @@ func (r *KedaShTriggerAuthenticationV1Alpha1Manifest) Schema(_ context.Context, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("azure", "azure-workload", "gcp", "aws", "aws-eks", "aws-kiam", "none"), + stringvalidator.OneOf("azure-workload", "gcp", "aws", "aws-eks", "none"), }, }, diff --git a/internal/provider/kibana_k8s_elastic_co_v1/kibana_k8s_elastic_co_kibana_v1_manifest.go b/internal/provider/kibana_k8s_elastic_co_v1/kibana_k8s_elastic_co_kibana_v1_manifest.go index be9d90496..ca58f735e 100644 --- a/internal/provider/kibana_k8s_elastic_co_v1/kibana_k8s_elastic_co_kibana_v1_manifest.go +++ b/internal/provider/kibana_k8s_elastic_co_v1/kibana_k8s_elastic_co_kibana_v1_manifest.go @@ -96,7 +96,8 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -440,7 +441,11 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -506,12 +511,13 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -692,7 +698,11 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -759,12 +769,13 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -947,7 +958,11 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1013,12 +1028,13 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1048,6 +1064,10 @@ type KibanaK8SElasticCoKibanaV1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1887,6 +1907,14 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2442,8 +2470,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2451,8 +2479,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2609,8 +2637,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2618,8 +2646,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2776,8 +2804,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2785,8 +2813,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2943,8 +2971,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2952,8 +2980,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -4144,6 +4172,31 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4605,8 +4658,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4628,6 +4681,14 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5823,6 +5884,31 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6292,8 +6378,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6315,6 +6401,14 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6352,8 +6446,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7527,6 +7621,31 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7988,8 +8107,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -8011,6 +8130,14 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -8065,8 +8192,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8202,8 +8329,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8224,6 +8351,31 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8413,8 +8565,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8588,8 +8740,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -9031,8 +9183,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9377,8 +9529,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -10095,8 +10247,8 @@ func (r *KibanaK8SElasticCoKibanaV1Manifest) Schema(_ context.Context, _ datasou NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/kibana_k8s_elastic_co_v1beta1/kibana_k8s_elastic_co_kibana_v1beta1_manifest.go b/internal/provider/kibana_k8s_elastic_co_v1beta1/kibana_k8s_elastic_co_kibana_v1beta1_manifest.go index 2b533a553..025cbb8c9 100644 --- a/internal/provider/kibana_k8s_elastic_co_v1beta1/kibana_k8s_elastic_co_kibana_v1beta1_manifest.go +++ b/internal/provider/kibana_k8s_elastic_co_v1beta1/kibana_k8s_elastic_co_kibana_v1beta1_manifest.go @@ -88,7 +88,8 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -414,7 +415,11 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -480,12 +485,13 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -666,7 +672,11 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -733,12 +743,13 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -921,7 +932,11 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -987,12 +1002,13 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1022,6 +1038,10 @@ type KibanaK8SElasticCoKibanaV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1802,6 +1822,14 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2244,8 +2272,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2253,8 +2281,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2411,8 +2439,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2420,8 +2448,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2578,8 +2606,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2587,8 +2615,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2745,8 +2773,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2754,8 +2782,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3946,6 +3974,31 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4407,8 +4460,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4430,6 +4483,14 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5625,6 +5686,31 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6094,8 +6180,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6117,6 +6203,14 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6154,8 +6248,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7329,6 +7423,31 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7790,8 +7909,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7813,6 +7932,14 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7867,8 +7994,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8004,8 +8131,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8026,6 +8153,31 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8215,8 +8367,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8390,8 +8542,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8833,8 +8985,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9179,8 +9331,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9897,8 +10049,8 @@ func (r *KibanaK8SElasticCoKibanaV1Beta1Manifest) Schema(_ context.Context, _ da NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/kuadrant_io_v1alpha1/kuadrant_io_dns_record_v1alpha1_manifest.go b/internal/provider/kuadrant_io_v1alpha1/kuadrant_io_dns_record_v1alpha1_manifest.go index 32c1cb7dd..f695c5794 100644 --- a/internal/provider/kuadrant_io_v1alpha1/kuadrant_io_dns_record_v1alpha1_manifest.go +++ b/internal/provider/kuadrant_io_v1alpha1/kuadrant_io_dns_record_v1alpha1_manifest.go @@ -295,17 +295,24 @@ func (r *KuadrantIoDnsrecordV1Alpha1Manifest) Schema(_ context.Context, _ dataso "owner_id": schema.StringAttribute{ Description: "ownerID is a unique string used to identify the owner of this record.", MarkdownDescription: "ownerID is a unique string used to identify the owner of this record.", - Required: false, - Optional: true, + Required: true, + Optional: false, Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(6), + stringvalidator.LengthAtMost(12), + }, }, "root_host": schema.StringAttribute{ - Description: "rootHost is the single root for all endpoints in a DNSRecord. If rootHost is set, it is expected all defined endpoints are children of or equal to this rootHost", - MarkdownDescription: "rootHost is the single root for all endpoints in a DNSRecord. If rootHost is set, it is expected all defined endpoints are children of or equal to this rootHost", - Required: false, - Optional: true, + Description: "rootHost is the single root for all endpoints in a DNSRecord. it is expected all defined endpoints are children of or equal to this rootHost", + MarkdownDescription: "rootHost is the single root for all endpoints in a DNSRecord. it is expected all defined endpoints are children of or equal to this rootHost", + Required: true, + Optional: false, Computed: false, + Validators: []validator.String{ + stringvalidator.LengthAtLeast(1), + }, }, }, Required: false, diff --git a/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.go b/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.go index a94bccf00..364937071 100644 --- a/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.go +++ b/internal/provider/kueue_x_k8s_io_v1beta1/kueue_x_k8s_io_cluster_queue_v1beta1_manifest.go @@ -50,7 +50,10 @@ type KueueXK8SIoClusterQueueV1Beta1ManifestData struct { OnFlavors *[]string `tfsdk:"on_flavors" json:"onFlavors,omitempty"` } `tfsdk:"admission_checks" json:"admissionChecks,omitempty"` } `tfsdk:"admission_checks_strategy" json:"admissionChecksStrategy,omitempty"` - Cohort *string `tfsdk:"cohort" json:"cohort,omitempty"` + Cohort *string `tfsdk:"cohort" json:"cohort,omitempty"` + FairSharing *struct { + Weight *string `tfsdk:"weight" json:"weight,omitempty"` + } `tfsdk:"fair_sharing" json:"fairSharing,omitempty"` FlavorFungibility *struct { WhenCanBorrow *string `tfsdk:"when_can_borrow" json:"whenCanBorrow,omitempty"` WhenCanPreempt *string `tfsdk:"when_can_preempt" json:"whenCanPreempt,omitempty"` @@ -211,6 +214,23 @@ func (r *KueueXK8SIoClusterQueueV1Beta1Manifest) Schema(_ context.Context, _ dat }, }, + "fair_sharing": schema.SingleNestedAttribute{ + Description: "fairSharing defines the properties of the ClusterQueue when participating in fair sharing.The values are only relevant if fair sharing is enabled in the Kueue configuration.", + MarkdownDescription: "fairSharing defines the properties of the ClusterQueue when participating in fair sharing.The values are only relevant if fair sharing is enabled in the Kueue configuration.", + Attributes: map[string]schema.Attribute{ + "weight": schema.StringAttribute{ + Description: "weight gives a comparative advantage to this ClusterQueue when competing for unusedresources in the cohort against other ClusterQueues.The share of a ClusterQueue is based on the dominant resource usage above nominalquotas for each resource, divided by the weight.Admission prioritizes scheduling workloads from ClusterQueues with the lowest shareand preempting workloads from the ClusterQueues with the highest share.A zero weight implies infinite share value, meaning that this ClusterQueue will alwaysbe at disadvantage against other ClusterQueues.", + MarkdownDescription: "weight gives a comparative advantage to this ClusterQueue when competing for unusedresources in the cohort against other ClusterQueues.The share of a ClusterQueue is based on the dominant resource usage above nominalquotas for each resource, divided by the weight.Admission prioritizes scheduling workloads from ClusterQueues with the lowest shareand preempting workloads from the ClusterQueues with the highest share.A zero weight implies infinite share value, meaning that this ClusterQueue will alwaysbe at disadvantage against other ClusterQueues.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "flavor_fungibility": schema.SingleNestedAttribute{ Description: "flavorFungibility defines whether a workload should try the next flavorbefore borrowing or preempting in the flavor being evaluated.", MarkdownDescription: "flavorFungibility defines whether a workload should try the next flavorbefore borrowing or preempting in the flavor being evaluated.", diff --git a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go index 928301eab..d845d1132 100644 --- a/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go +++ b/internal/provider/lambda_services_k8s_aws_v1alpha1/lambda_services_k8s_aws_function_v1alpha1_manifest.go @@ -54,6 +54,7 @@ type LambdaServicesK8SAwsFunctionV1Alpha1ManifestData struct { } `tfsdk:"s3_bucket_ref" json:"s3BucketRef,omitempty"` S3Key *string `tfsdk:"s3_key" json:"s3Key,omitempty"` S3ObjectVersion *string `tfsdk:"s3_object_version" json:"s3ObjectVersion,omitempty"` + Sha256 *string `tfsdk:"sha256" json:"sha256,omitempty"` ZipFile *string `tfsdk:"zip_file" json:"zipFile,omitempty"` } `tfsdk:"code" json:"code,omitempty"` CodeSigningConfigARN *string `tfsdk:"code_signing_config_arn" json:"codeSigningConfigARN,omitempty"` @@ -283,6 +284,14 @@ func (r *LambdaServicesK8SAwsFunctionV1Alpha1Manifest) Schema(_ context.Context, Computed: false, }, + "sha256": schema.StringAttribute{ + Description: "", + MarkdownDescription: "", + Required: false, + Optional: true, + Computed: false, + }, + "zip_file": schema.StringAttribute{ Description: "", MarkdownDescription: "", diff --git a/internal/provider/maps_k8s_elastic_co_v1alpha1/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.go b/internal/provider/maps_k8s_elastic_co_v1alpha1/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.go index abc0c385b..97b186c86 100644 --- a/internal/provider/maps_k8s_elastic_co_v1alpha1/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.go +++ b/internal/provider/maps_k8s_elastic_co_v1alpha1/maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest.go @@ -93,7 +93,8 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { TimeoutSeconds *int64 `tfsdk:"timeout_seconds" json:"timeoutSeconds,omitempty"` } `tfsdk:"client_ip" json:"clientIP,omitempty"` } `tfsdk:"session_affinity_config" json:"sessionAffinityConfig,omitempty"` - Type *string `tfsdk:"type" json:"type,omitempty"` + TrafficDistribution *string `tfsdk:"traffic_distribution" json:"trafficDistribution,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` } `tfsdk:"spec" json:"spec,omitempty"` } `tfsdk:"service" json:"service,omitempty"` Tls *struct { @@ -419,7 +420,11 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -485,12 +490,13 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` @@ -671,7 +677,11 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -738,12 +748,13 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"ephemeral_containers" json:"ephemeralContainers,omitempty"` @@ -926,7 +937,11 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -992,12 +1007,13 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1027,6 +1043,10 @@ type MapsK8SElasticCoElasticMapsServerV1Alpha1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"scheduling_gates" json:"schedulingGates,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1835,6 +1855,14 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "traffic_distribution": schema.StringAttribute{ + Description: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + MarkdownDescription: "TrafficDistribution offers a way to express preferences for how traffic isdistributed to Service endpoints. Implementations can use this field as ahint, but are not required to guarantee strict adherence. If the field isnot set, the implementation will apply its default routing strategy. If setto 'PreferClose', implementations should prioritize endpoints that aretopologically close (e.g., same zone).", + Required: false, + Optional: true, + Computed: false, + }, + "type": schema.StringAttribute{ Description: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", MarkdownDescription: "type determines how the Service is exposed. Defaults to ClusterIP. Validoptions are ExternalName, ClusterIP, NodePort, and LoadBalancer.'ClusterIP' allocates a cluster-internal IP address for load-balancingto endpoints. Endpoints are determined by the selector or if that is notspecified, by manual construction of an Endpoints object orEndpointSlice objects. If clusterIP is 'None', no virtual IP isallocated and the endpoints are published as a set of endpoints ratherthan a virtual IP.'NodePort' builds on ClusterIP and allocates a port on every node whichroutes to the same endpoints as the clusterIP.'LoadBalancer' builds on NodePort and creates an external load-balancer(if supported in the current cloud) which routes to the same endpointsas the clusterIP.'ExternalName' aliases this service to the specified externalName.Several other fields do not apply to ExternalName services.More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types", @@ -2277,8 +2305,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2286,8 +2314,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2444,8 +2472,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2453,8 +2481,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2611,8 +2639,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2620,8 +2648,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2778,8 +2806,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "match_label_keys": schema.ListAttribute{ - Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MatchLabelKeys and LabelSelector.Also, MatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -2787,8 +2815,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mismatch_label_keys": schema.ListAttribute{ - Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", - MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'LabelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector.Also, MismatchLabelKeys cannot be set when LabelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", ElementType: types.StringType, Required: false, Optional: true, @@ -3979,6 +4007,31 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -4440,8 +4493,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -4463,6 +4516,14 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -5658,6 +5719,31 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -6127,8 +6213,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -6150,6 +6236,14 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -6187,8 +6281,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "host_aliases": schema.ListNestedAttribute{ - Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", - MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified. This is only valid for non-hostNetwork pods.", + Description: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", + MarkdownDescription: "HostAliases is an optional list of hosts and IPs that will be injected into the pod's hostsfile if specified.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "hostnames": schema.ListAttribute{ @@ -7362,6 +7456,31 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -7823,8 +7942,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -7846,6 +7965,14 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -7900,8 +8027,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "os": schema.SingleNestedAttribute{ - Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", - MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + Description: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", + MarkdownDescription: "Specifies the OS of the containers in the pod.Some pod and container fields are restricted if this is set.If the OS field is set to linux, the following fields must be unset:-securityContext.windowsOptionsIf the OS field is set to windows, following fields must be unset:- spec.hostPID- spec.hostIPC- spec.hostUsers- spec.securityContext.appArmorProfile- spec.securityContext.seLinuxOptions- spec.securityContext.seccompProfile- spec.securityContext.fsGroup- spec.securityContext.fsGroupChangePolicy- spec.securityContext.sysctls- spec.shareProcessNamespace- spec.securityContext.runAsUser- spec.securityContext.runAsGroup- spec.securityContext.supplementalGroups- spec.containers[*].securityContext.appArmorProfile- spec.containers[*].securityContext.seLinuxOptions- spec.containers[*].securityContext.seccompProfile- spec.containers[*].securityContext.capabilities- spec.containers[*].securityContext.readOnlyRootFilesystem- spec.containers[*].securityContext.privileged- spec.containers[*].securityContext.allowPrivilegeEscalation- spec.containers[*].securityContext.procMount- spec.containers[*].securityContext.runAsUser- spec.containers[*].securityContext.runAsGroup", Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ Description: "Name is the name of the operating system. The currently supported values are linux and windows.Additional value may be defined in future and can be one of:https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configurationClients should expect to handle additional values and treat unrecognized values in this field as os: null", @@ -8037,8 +8164,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "scheduling_gates": schema.ListNestedAttribute{ - Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", - MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.This is a beta feature enabled by the PodSchedulingReadiness feature gate.", + Description: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", + MarkdownDescription: "SchedulingGates is an opaque list of values that if specified will block scheduling the pod.If schedulingGates is not empty, the pod will stay in the SchedulingGated state and thescheduler will not attempt to schedule the pod.SchedulingGates can only be set at pod creation time, and be removed only afterwards.", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "name": schema.StringAttribute{ @@ -8059,6 +8186,31 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con Description: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", MarkdownDescription: "SecurityContext holds pod-level security attributes and common container settings.Optional: Defaults to empty. See type description for default values of each field.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -8248,8 +8400,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "service_account": schema.StringAttribute{ - Description: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", - MarkdownDescription: "DeprecatedServiceAccount is a depreciated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + Description: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", + MarkdownDescription: "DeprecatedServiceAccount is a deprecated alias for ServiceAccountName.Deprecated: Use serviceAccountName instead.", Required: false, Optional: true, Computed: false, @@ -8423,8 +8575,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -8866,8 +9018,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -9212,8 +9364,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con }, "volume_attributes_class_name": schema.StringAttribute{ - Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", - MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#volumeattributesclass(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", Required: false, Optional: true, Computed: false, @@ -9930,8 +10082,8 @@ func (r *MapsK8SElasticCoElasticMapsServerV1Alpha1Manifest) Schema(_ context.Con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", diff --git a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go index 12487124c..893e92b0c 100644 --- a/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go +++ b/internal/provider/monitoring_coreos_com_v1alpha1/monitoring_coreos_com_alertmanager_config_v1alpha1_manifest.go @@ -4046,7 +4046,6 @@ func (r *MonitoringCoreosComAlertmanagerConfigV1Alpha1Manifest) Schema(_ context Computed: false, Validators: []validator.String{ stringvalidator.LengthAtLeast(1), - stringvalidator.OneOf("team", "teams", "user", "escalation", "schedule"), }, }, diff --git a/internal/provider/networking_istio_io_v1/networking_istio_io_virtual_service_v1_manifest.go b/internal/provider/networking_istio_io_v1/networking_istio_io_virtual_service_v1_manifest.go index a3f96a99c..bd69b9a2b 100644 --- a/internal/provider/networking_istio_io_v1/networking_istio_io_virtual_service_v1_manifest.go +++ b/internal/provider/networking_istio_io_v1/networking_istio_io_virtual_service_v1_manifest.go @@ -58,8 +58,9 @@ type NetworkingIstioIoVirtualServiceV1ManifestData struct { Prefix *string `tfsdk:"prefix" json:"prefix,omitempty"` Regex *string `tfsdk:"regex" json:"regex,omitempty"` } `tfsdk:"allow_origins" json:"allowOrigins,omitempty"` - ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` - MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` + MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + UnmatchedPreflights *string `tfsdk:"unmatched_preflights" json:"unmatchedPreflights,omitempty"` } `tfsdk:"cors_policy" json:"corsPolicy,omitempty"` Delegate *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -458,6 +459,17 @@ func (r *NetworkingIstioIoVirtualServiceV1Manifest) Schema(_ context.Context, _ Optional: true, Computed: false, }, + + "unmatched_preflights": schema.StringAttribute{ + Description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + MarkdownDescription: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("UNSPECIFIED", "FORWARD", "IGNORE"), + }, + }, }, Required: false, Optional: true, diff --git a/internal/provider/networking_istio_io_v1alpha3/networking_istio_io_virtual_service_v1alpha3_manifest.go b/internal/provider/networking_istio_io_v1alpha3/networking_istio_io_virtual_service_v1alpha3_manifest.go index ada66ecd3..fdec156dc 100644 --- a/internal/provider/networking_istio_io_v1alpha3/networking_istio_io_virtual_service_v1alpha3_manifest.go +++ b/internal/provider/networking_istio_io_v1alpha3/networking_istio_io_virtual_service_v1alpha3_manifest.go @@ -58,8 +58,9 @@ type NetworkingIstioIoVirtualServiceV1Alpha3ManifestData struct { Prefix *string `tfsdk:"prefix" json:"prefix,omitempty"` Regex *string `tfsdk:"regex" json:"regex,omitempty"` } `tfsdk:"allow_origins" json:"allowOrigins,omitempty"` - ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` - MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` + MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + UnmatchedPreflights *string `tfsdk:"unmatched_preflights" json:"unmatchedPreflights,omitempty"` } `tfsdk:"cors_policy" json:"corsPolicy,omitempty"` Delegate *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -458,6 +459,17 @@ func (r *NetworkingIstioIoVirtualServiceV1Alpha3Manifest) Schema(_ context.Conte Optional: true, Computed: false, }, + + "unmatched_preflights": schema.StringAttribute{ + Description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + MarkdownDescription: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("UNSPECIFIED", "FORWARD", "IGNORE"), + }, + }, }, Required: false, Optional: true, diff --git a/internal/provider/networking_istio_io_v1beta1/networking_istio_io_virtual_service_v1beta1_manifest.go b/internal/provider/networking_istio_io_v1beta1/networking_istio_io_virtual_service_v1beta1_manifest.go index cf74fbe57..59d42eb86 100644 --- a/internal/provider/networking_istio_io_v1beta1/networking_istio_io_virtual_service_v1beta1_manifest.go +++ b/internal/provider/networking_istio_io_v1beta1/networking_istio_io_virtual_service_v1beta1_manifest.go @@ -58,8 +58,9 @@ type NetworkingIstioIoVirtualServiceV1Beta1ManifestData struct { Prefix *string `tfsdk:"prefix" json:"prefix,omitempty"` Regex *string `tfsdk:"regex" json:"regex,omitempty"` } `tfsdk:"allow_origins" json:"allowOrigins,omitempty"` - ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` - MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + ExposeHeaders *[]string `tfsdk:"expose_headers" json:"exposeHeaders,omitempty"` + MaxAge *string `tfsdk:"max_age" json:"maxAge,omitempty"` + UnmatchedPreflights *string `tfsdk:"unmatched_preflights" json:"unmatchedPreflights,omitempty"` } `tfsdk:"cors_policy" json:"corsPolicy,omitempty"` Delegate *struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -458,6 +459,17 @@ func (r *NetworkingIstioIoVirtualServiceV1Beta1Manifest) Schema(_ context.Contex Optional: true, Computed: false, }, + + "unmatched_preflights": schema.StringAttribute{ + Description: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + MarkdownDescription: "Indicates whether preflight requests not matching the configured allowed origin shouldn't be forwarded to the upstream.Valid Options: FORWARD, IGNORE", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("UNSPECIFIED", "FORWARD", "IGNORE"), + }, + }, }, Required: false, Optional: true, diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go index fe3d6f214..3cb9c0f5f 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_agent_v1beta1_manifest.go @@ -264,6 +264,7 @@ type OperatorVictoriametricsComVmagentV1Beta1ManifestData struct { NodeSelector *map[string]string `tfsdk:"node_selector" json:"nodeSelector,omitempty"` OverrideHonorLabels *bool `tfsdk:"override_honor_labels" json:"overrideHonorLabels,omitempty"` OverrideHonorTimestamps *bool `tfsdk:"override_honor_timestamps" json:"overrideHonorTimestamps,omitempty"` + Paused *bool `tfsdk:"paused" json:"paused,omitempty"` PodDisruptionBudget *struct { MaxUnavailable *string `tfsdk:"max_unavailable" json:"maxUnavailable,omitempty"` MinAvailable *string `tfsdk:"min_available" json:"minAvailable,omitempty"` @@ -403,7 +404,10 @@ type OperatorVictoriametricsComVmagentV1Beta1ManifestData struct { KeepInput *bool `tfsdk:"keep_input" json:"keepInput,omitempty"` Rules *[]struct { By *[]string `tfsdk:"by" json:"by,omitempty"` + Dedup_interval *string `tfsdk:"dedup_interval" json:"dedup_interval,omitempty"` + Drop_input_labels *[]string `tfsdk:"drop_input_labels" json:"drop_input_labels,omitempty"` Flush_on_shutdown *bool `tfsdk:"flush_on_shutdown" json:"flush_on_shutdown,omitempty"` + Ignore_old_samples *bool `tfsdk:"ignore_old_samples" json:"ignore_old_samples,omitempty"` Input_relabel_configs *[]struct { Action *string `tfsdk:"action" json:"action,omitempty"` If *map[string]string `tfsdk:"if" json:"if,omitempty"` @@ -416,9 +420,11 @@ type OperatorVictoriametricsComVmagentV1Beta1ManifestData struct { SourceLabels *[]string `tfsdk:"source_labels" json:"sourceLabels,omitempty"` TargetLabel *string `tfsdk:"target_label" json:"targetLabel,omitempty"` } `tfsdk:"input_relabel_configs" json:"input_relabel_configs,omitempty"` - Interval *string `tfsdk:"interval" json:"interval,omitempty"` - Match *map[string]string `tfsdk:"match" json:"match,omitempty"` - Output_relabel_configs *[]struct { + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + Keep_metric_names *bool `tfsdk:"keep_metric_names" json:"keep_metric_names,omitempty"` + Match *map[string]string `tfsdk:"match" json:"match,omitempty"` + No_align_flush_to_interval *bool `tfsdk:"no_align_flush_to_interval" json:"no_align_flush_to_interval,omitempty"` + Output_relabel_configs *[]struct { Action *string `tfsdk:"action" json:"action,omitempty"` If *map[string]string `tfsdk:"if" json:"if,omitempty"` Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` @@ -2319,6 +2325,14 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "paused": schema.BoolAttribute{ + Description: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + MarkdownDescription: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + Required: false, + Optional: true, + Computed: false, + }, + "pod_disruption_budget": schema.SingleNestedAttribute{ Description: "PodDisruptionBudget created by operator", MarkdownDescription: "PodDisruptionBudget created by operator", @@ -3303,6 +3317,23 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "dedup_interval": schema.StringAttribute{ + Description: "DedupInterval is an optional interval for deduplication.", + MarkdownDescription: "DedupInterval is an optional interval for deduplication.", + Required: false, + Optional: true, + Computed: false, + }, + + "drop_input_labels": schema.ListAttribute{ + Description: "DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation.", + MarkdownDescription: "DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "flush_on_shutdown": schema.BoolAttribute{ Description: "FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points.", MarkdownDescription: "FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points.", @@ -3311,6 +3342,14 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "ignore_old_samples": schema.BoolAttribute{ + Description: "IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.", + MarkdownDescription: "IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.", + Required: false, + Optional: true, + Computed: false, + }, + "input_relabel_configs": schema.ListNestedAttribute{ Description: "InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation.", MarkdownDescription: "InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation.", @@ -3414,6 +3453,14 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "keep_metric_names": schema.BoolAttribute{ + Description: "KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.", + MarkdownDescription: "KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.", + Required: false, + Optional: true, + Computed: false, + }, + "match": schema.MapAttribute{ Description: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed.", MarkdownDescription: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed.", @@ -3423,6 +3470,14 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "no_align_flush_to_interval": schema.BoolAttribute{ + Description: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval.", + MarkdownDescription: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval.", + Required: false, + Optional: true, + Computed: false, + }, + "output_relabel_configs": schema.ListNestedAttribute{ Description: "OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage.", MarkdownDescription: "OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage.", @@ -3528,8 +3583,8 @@ func (r *OperatorVictoriametricsComVmagentV1Beta1Manifest) Schema(_ context.Cont }, "staleness_interval": schema.StringAttribute{ - Description: "StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it.", - MarkdownDescription: "StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it.", + Description: "Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.", + MarkdownDescription: "Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go index 878227410..67f65d985 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_alert_v1beta1_manifest.go @@ -262,6 +262,7 @@ type OperatorVictoriametricsComVmalertV1Beta1ManifestData struct { TlsConfig *map[string]string `tfsdk:"tls_config" json:"tlsConfig,omitempty"` Url *string `tfsdk:"url" json:"url,omitempty"` } `tfsdk:"notifiers" json:"notifiers,omitempty"` + Paused *bool `tfsdk:"paused" json:"paused,omitempty"` PodDisruptionBudget *struct { MaxUnavailable *string `tfsdk:"max_unavailable" json:"maxUnavailable,omitempty"` MinAvailable *string `tfsdk:"min_available" json:"minAvailable,omitempty"` @@ -2016,6 +2017,14 @@ func (r *OperatorVictoriametricsComVmalertV1Beta1Manifest) Schema(_ context.Cont Computed: false, }, + "paused": schema.BoolAttribute{ + Description: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + MarkdownDescription: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + Required: false, + Optional: true, + Computed: false, + }, + "pod_disruption_budget": schema.SingleNestedAttribute{ Description: "PodDisruptionBudget created by operator", MarkdownDescription: "PodDisruptionBudget created by operator", diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go index 1417ecc92..3f7f3cecc 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_auth_v1beta1_manifest.go @@ -48,6 +48,8 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { ConfigReloaderExtraArgs *map[string]string `tfsdk:"config_reloader_extra_args" json:"configReloaderExtraArgs,omitempty"` ConfigSecret *string `tfsdk:"config_secret" json:"configSecret,omitempty"` Containers *[]map[string]string `tfsdk:"containers" json:"containers,omitempty"` + Default_url *[]string `tfsdk:"default_url" json:"default_url,omitempty"` + Discover_backend_ips *bool `tfsdk:"discover_backend_ips" json:"discover_backend_ips,omitempty"` DnsConfig *struct { Nameservers *[]string `tfsdk:"nameservers" json:"nameservers,omitempty"` Options *[]struct { @@ -56,10 +58,12 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { } `tfsdk:"options" json:"options,omitempty"` Searches *[]string `tfsdk:"searches" json:"searches,omitempty"` } `tfsdk:"dns_config" json:"dnsConfig,omitempty"` - DnsPolicy *string `tfsdk:"dns_policy" json:"dnsPolicy,omitempty"` - ExtraArgs *map[string]string `tfsdk:"extra_args" json:"extraArgs,omitempty"` - ExtraEnvs *[]map[string]string `tfsdk:"extra_envs" json:"extraEnvs,omitempty"` - HostAliases *[]struct { + DnsPolicy *string `tfsdk:"dns_policy" json:"dnsPolicy,omitempty"` + Drop_src_path_prefix_parts *int64 `tfsdk:"drop_src_path_prefix_parts" json:"drop_src_path_prefix_parts,omitempty"` + ExtraArgs *map[string]string `tfsdk:"extra_args" json:"extraArgs,omitempty"` + ExtraEnvs *[]map[string]string `tfsdk:"extra_envs" json:"extraEnvs,omitempty"` + Headers *[]string `tfsdk:"headers" json:"headers,omitempty"` + HostAliases *[]struct { Hostnames *[]string `tfsdk:"hostnames" json:"hostnames,omitempty"` Ip *string `tfsdk:"ip" json:"ip,omitempty"` } `tfsdk:"host_aliases" json:"hostAliases,omitempty"` @@ -109,7 +113,11 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { TlsSecretName *string `tfsdk:"tls_secret_name" json:"tlsSecretName,omitempty"` } `tfsdk:"ingress" json:"ingress,omitempty"` InitContainers *[]map[string]string `tfsdk:"init_containers" json:"initContainers,omitempty"` - License *struct { + Ip_filters *struct { + Allow_list *[]string `tfsdk:"allow_list" json:"allow_list,omitempty"` + Deny_list *[]string `tfsdk:"deny_list" json:"deny_list,omitempty"` + } `tfsdk:"ip_filters" json:"ip_filters,omitempty"` + License *struct { Key *string `tfsdk:"key" json:"key,omitempty"` KeyRef *struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -117,12 +125,15 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"key_ref" json:"keyRef,omitempty"` } `tfsdk:"license" json:"license,omitempty"` - LivenessProbe *map[string]string `tfsdk:"liveness_probe" json:"livenessProbe,omitempty"` - LogFormat *string `tfsdk:"log_format" json:"logFormat,omitempty"` - LogLevel *string `tfsdk:"log_level" json:"logLevel,omitempty"` - MinReadySeconds *int64 `tfsdk:"min_ready_seconds" json:"minReadySeconds,omitempty"` - NodeSelector *map[string]string `tfsdk:"node_selector" json:"nodeSelector,omitempty"` - PodDisruptionBudget *struct { + LivenessProbe *map[string]string `tfsdk:"liveness_probe" json:"livenessProbe,omitempty"` + Load_balancing_policy *string `tfsdk:"load_balancing_policy" json:"load_balancing_policy,omitempty"` + LogFormat *string `tfsdk:"log_format" json:"logFormat,omitempty"` + LogLevel *string `tfsdk:"log_level" json:"logLevel,omitempty"` + Max_concurrent_requests *int64 `tfsdk:"max_concurrent_requests" json:"max_concurrent_requests,omitempty"` + MinReadySeconds *int64 `tfsdk:"min_ready_seconds" json:"minReadySeconds,omitempty"` + NodeSelector *map[string]string `tfsdk:"node_selector" json:"nodeSelector,omitempty"` + Paused *bool `tfsdk:"paused" json:"paused,omitempty"` + PodDisruptionBudget *struct { MaxUnavailable *string `tfsdk:"max_unavailable" json:"maxUnavailable,omitempty"` MinAvailable *string `tfsdk:"min_available" json:"minAvailable,omitempty"` SelectorLabels *map[string]string `tfsdk:"selector_labels" json:"selectorLabels,omitempty"` @@ -146,6 +157,8 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` + Response_headers *[]string `tfsdk:"response_headers" json:"response_headers,omitempty"` + Retry_status_codes *[]string `tfsdk:"retry_status_codes" json:"retry_status_codes,omitempty"` RevisionHistoryLimitCount *int64 `tfsdk:"revision_history_limit_count" json:"revisionHistoryLimitCount,omitempty"` RuntimeClassName *string `tfsdk:"runtime_class_name" json:"runtimeClassName,omitempty"` SchedulerName *string `tfsdk:"scheduler_name" json:"schedulerName,omitempty"` @@ -165,7 +178,43 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { } `tfsdk:"service_spec" json:"serviceSpec,omitempty"` StartupProbe *map[string]string `tfsdk:"startup_probe" json:"startupProbe,omitempty"` TerminationGracePeriodSeconds *int64 `tfsdk:"termination_grace_period_seconds" json:"terminationGracePeriodSeconds,omitempty"` - Tolerations *[]struct { + TlsConfig *struct { + Ca *struct { + ConfigMap *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Secret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"secret" json:"secret,omitempty"` + } `tfsdk:"ca" json:"ca,omitempty"` + CaFile *string `tfsdk:"ca_file" json:"caFile,omitempty"` + Cert *struct { + ConfigMap *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Secret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"secret" json:"secret,omitempty"` + } `tfsdk:"cert" json:"cert,omitempty"` + CertFile *string `tfsdk:"cert_file" json:"certFile,omitempty"` + InsecureSkipVerify *bool `tfsdk:"insecure_skip_verify" json:"insecureSkipVerify,omitempty"` + KeyFile *string `tfsdk:"key_file" json:"keyFile,omitempty"` + KeySecret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"key_secret" json:"keySecret,omitempty"` + ServerName *string `tfsdk:"server_name" json:"serverName,omitempty"` + } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` + Tolerations *[]struct { Effect *string `tfsdk:"effect" json:"effect,omitempty"` Key *string `tfsdk:"key" json:"key,omitempty"` Operator *string `tfsdk:"operator" json:"operator,omitempty"` @@ -174,18 +223,17 @@ type OperatorVictoriametricsComVmauthV1Beta1ManifestData struct { } `tfsdk:"tolerations" json:"tolerations,omitempty"` TopologySpreadConstraints *[]map[string]string `tfsdk:"topology_spread_constraints" json:"topologySpreadConstraints,omitempty"` UnauthorizedAccessConfig *[]struct { + Discover_backend_ips *bool `tfsdk:"discover_backend_ips" json:"discover_backend_ips,omitempty"` Drop_src_path_prefix_parts *int64 `tfsdk:"drop_src_path_prefix_parts" json:"drop_src_path_prefix_parts,omitempty"` Headers *[]string `tfsdk:"headers" json:"headers,omitempty"` - Ip_filters *struct { - Allow_list *[]string `tfsdk:"allow_list" json:"allow_list,omitempty"` - Deny_list *[]string `tfsdk:"deny_list" json:"deny_list,omitempty"` - } `tfsdk:"ip_filters" json:"ip_filters,omitempty"` - Load_balancing_policy *string `tfsdk:"load_balancing_policy" json:"load_balancing_policy,omitempty"` - Response_headers *[]string `tfsdk:"response_headers" json:"response_headers,omitempty"` - Retry_status_codes *[]string `tfsdk:"retry_status_codes" json:"retry_status_codes,omitempty"` - Src_hosts *[]string `tfsdk:"src_hosts" json:"src_hosts,omitempty"` - Src_paths *[]string `tfsdk:"src_paths" json:"src_paths,omitempty"` - Url_prefix *[]string `tfsdk:"url_prefix" json:"url_prefix,omitempty"` + Load_balancing_policy *string `tfsdk:"load_balancing_policy" json:"load_balancing_policy,omitempty"` + Response_headers *[]string `tfsdk:"response_headers" json:"response_headers,omitempty"` + Retry_status_codes *[]string `tfsdk:"retry_status_codes" json:"retry_status_codes,omitempty"` + Src_headers *[]string `tfsdk:"src_headers" json:"src_headers,omitempty"` + Src_hosts *[]string `tfsdk:"src_hosts" json:"src_hosts,omitempty"` + Src_paths *[]string `tfsdk:"src_paths" json:"src_paths,omitempty"` + Src_query_args *[]string `tfsdk:"src_query_args" json:"src_query_args,omitempty"` + Url_prefix *[]string `tfsdk:"url_prefix" json:"url_prefix,omitempty"` } `tfsdk:"unauthorized_access_config" json:"unauthorizedAccessConfig,omitempty"` UseStrictSecurity *bool `tfsdk:"use_strict_security" json:"useStrictSecurity,omitempty"` UserNamespaceSelector *struct { @@ -337,6 +385,23 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "default_url": schema.ListAttribute{ + Description: "DefaultURLs backend url for non-matching paths filterusually used for default backend with error message", + MarkdownDescription: "DefaultURLs backend url for non-matching paths filterusually used for default backend with error message", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "discover_backend_ips": schema.BoolAttribute{ + Description: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + MarkdownDescription: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + Required: false, + Optional: true, + Computed: false, + }, + "dns_config": schema.SingleNestedAttribute{ Description: "Specifies the DNS parameters of a pod.Parameters specified here will be merged to the generated DNSconfiguration based on DNSPolicy.", MarkdownDescription: "Specifies the DNS parameters of a pod.Parameters specified here will be merged to the generated DNSconfiguration based on DNSPolicy.", @@ -399,6 +464,14 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "drop_src_path_prefix_parts": schema.Int64Attribute{ + Description: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", + MarkdownDescription: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", + Required: false, + Optional: true, + Computed: false, + }, + "extra_args": schema.MapAttribute{ Description: "ExtraArgs that will be passed to VMAuth podfor example remoteWrite.tmpDataPath: /tmp", MarkdownDescription: "ExtraArgs that will be passed to VMAuth podfor example remoteWrite.tmpDataPath: /tmp", @@ -417,6 +490,15 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "headers": schema.ListAttribute{ + Description: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + MarkdownDescription: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "host_aliases": schema.ListNestedAttribute{ Description: "HostAliases provides mapping for ip and hostname,that would be propagated to pod,cannot be used with HostNetwork.", MarkdownDescription: "HostAliases provides mapping for ip and hostname,that would be propagated to pod,cannot be used with HostNetwork.", @@ -749,6 +831,33 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "ip_filters": schema.SingleNestedAttribute{ + Description: "IPFilters defines per target src ip filterssupported only with enterprise version of vmauthhttps://docs.victoriametrics.com/vmauth.html#ip-filters", + MarkdownDescription: "IPFilters defines per target src ip filterssupported only with enterprise version of vmauthhttps://docs.victoriametrics.com/vmauth.html#ip-filters", + Attributes: map[string]schema.Attribute{ + "allow_list": schema.ListAttribute{ + Description: "", + MarkdownDescription: "", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "deny_list": schema.ListAttribute{ + Description: "", + MarkdownDescription: "", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "license": schema.SingleNestedAttribute{ Description: "License allows to configure license key to be used for enterprise features.Using license key is supported starting from VictoriaMetrics v1.94.0.See: https://docs.victoriametrics.com/enterprise.html", MarkdownDescription: "License allows to configure license key to be used for enterprise features.Using license key is supported starting from VictoriaMetrics v1.94.0.See: https://docs.victoriametrics.com/enterprise.html", @@ -808,6 +917,17 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "load_balancing_policy": schema.StringAttribute{ + Description: "LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')", + MarkdownDescription: "LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("least_loaded", "first_available"), + }, + }, + "log_format": schema.StringAttribute{ Description: "LogFormat for VMAuth to be configured with.", MarkdownDescription: "LogFormat for VMAuth to be configured with.", @@ -830,6 +950,14 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, }, + "max_concurrent_requests": schema.Int64Attribute{ + Description: "MaxConcurrentRequests defines max concurrent requests per user300 is default value for vmauth", + MarkdownDescription: "MaxConcurrentRequests defines max concurrent requests per user300 is default value for vmauth", + Required: false, + Optional: true, + Computed: false, + }, + "min_ready_seconds": schema.Int64Attribute{ Description: "MinReadySeconds defines a minim number os seconds to wait before starting update next podif previous in healthy state", MarkdownDescription: "MinReadySeconds defines a minim number os seconds to wait before starting update next podif previous in healthy state", @@ -847,6 +975,14 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "paused": schema.BoolAttribute{ + Description: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + MarkdownDescription: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + Required: false, + Optional: true, + Computed: false, + }, + "pod_disruption_budget": schema.SingleNestedAttribute{ Description: "PodDisruptionBudget created by operator", MarkdownDescription: "PodDisruptionBudget created by operator", @@ -1014,6 +1150,24 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "response_headers": schema.ListAttribute{ + Description: "ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth", + MarkdownDescription: "ResponseHeaders represent additional http headers, that vmauth adds for request responsein form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.93.0 version of vmauth", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "retry_status_codes": schema.ListAttribute{ + Description: "RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503]", + MarkdownDescription: "RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503]", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "revision_history_limit_count": schema.Int64Attribute{ Description: "The number of old ReplicaSets to retain to allow rollback in deployment ormaximum number of revisions that will be maintained in the StatefulSet's revision history.Defaults to 10.", MarkdownDescription: "The number of old ReplicaSets to retain to allow rollback in deployment ormaximum number of revisions that will be maintained in the StatefulSet's revision history.Defaults to 10.", @@ -1159,6 +1313,238 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "tls_config": schema.SingleNestedAttribute{ + Description: "TLSConfig specifies TLSConfig configuration parameters.", + MarkdownDescription: "TLSConfig specifies TLSConfig configuration parameters.", + Attributes: map[string]schema.Attribute{ + "ca": schema.SingleNestedAttribute{ + Description: "Stuct containing the CA cert to use for the targets.", + MarkdownDescription: "Stuct containing the CA cert to use for the targets.", + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap containing data to use for the targets.", + MarkdownDescription: "ConfigMap containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key to select.", + MarkdownDescription: "The key to select.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the ConfigMap or its key must be defined", + MarkdownDescription: "Specify whether the ConfigMap or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "secret": schema.SingleNestedAttribute{ + Description: "Secret containing data to use for the targets.", + MarkdownDescription: "Secret containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "ca_file": schema.StringAttribute{ + Description: "Path to the CA cert in the container to use for the targets.", + MarkdownDescription: "Path to the CA cert in the container to use for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "cert": schema.SingleNestedAttribute{ + Description: "Struct containing the client cert file for the targets.", + MarkdownDescription: "Struct containing the client cert file for the targets.", + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap containing data to use for the targets.", + MarkdownDescription: "ConfigMap containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key to select.", + MarkdownDescription: "The key to select.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the ConfigMap or its key must be defined", + MarkdownDescription: "Specify whether the ConfigMap or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "secret": schema.SingleNestedAttribute{ + Description: "Secret containing data to use for the targets.", + MarkdownDescription: "Secret containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "cert_file": schema.StringAttribute{ + Description: "Path to the client cert file in the container for the targets.", + MarkdownDescription: "Path to the client cert file in the container for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "insecure_skip_verify": schema.BoolAttribute{ + Description: "Disable target certificate validation.", + MarkdownDescription: "Disable target certificate validation.", + Required: false, + Optional: true, + Computed: false, + }, + + "key_file": schema.StringAttribute{ + Description: "Path to the client key file in the container for the targets.", + MarkdownDescription: "Path to the client key file in the container for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "key_secret": schema.SingleNestedAttribute{ + Description: "Secret containing the client key file for the targets.", + MarkdownDescription: "Secret containing the client key file for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "server_name": schema.StringAttribute{ + Description: "Used to verify the hostname for the targets.", + MarkdownDescription: "Used to verify the hostname for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tolerations": schema.ListNestedAttribute{ Description: "Tolerations If specified, the pod's tolerations.", MarkdownDescription: "Tolerations If specified, the pod's tolerations.", @@ -1224,6 +1610,14 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte MarkdownDescription: "UnauthorizedAccessConfig configures access for un authorized users", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ + "discover_backend_ips": schema.BoolAttribute{ + Description: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + MarkdownDescription: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + Required: false, + Optional: true, + Computed: false, + }, + "drop_src_path_prefix_parts": schema.Int64Attribute{ Description: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", MarkdownDescription: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", @@ -1233,41 +1627,14 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, "headers": schema.ListAttribute{ - Description: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", - MarkdownDescription: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + Description: "RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + MarkdownDescription: "RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", ElementType: types.StringType, Required: false, Optional: true, Computed: false, }, - "ip_filters": schema.SingleNestedAttribute{ - Description: "IPFilters defines filter for src ip addressenterprise only", - MarkdownDescription: "IPFilters defines filter for src ip addressenterprise only", - Attributes: map[string]schema.Attribute{ - "allow_list": schema.ListAttribute{ - Description: "", - MarkdownDescription: "", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - - "deny_list": schema.ListAttribute{ - Description: "", - MarkdownDescription: "", - ElementType: types.StringType, - Required: false, - Optional: true, - Computed: false, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "load_balancing_policy": schema.StringAttribute{ Description: "LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')", MarkdownDescription: "LoadBalancingPolicy defines load balancing policy to use for backend urls.Supported policies: least_loaded, first_available.See https://docs.victoriametrics.com/vmauth.html#load-balancing for more details (default 'least_loaded')", @@ -1289,8 +1656,17 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, "retry_status_codes": schema.ListAttribute{ - Description: "RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503]", - MarkdownDescription: "RetryStatusCodes defines http status codes in numeric format for request retriese.g. [429,503]", + Description: "RetryStatusCodes defines http status codes in numeric format for request retriesCan be defined per target or at VMUser.spec levele.g. [429,503]", + MarkdownDescription: "RetryStatusCodes defines http status codes in numeric format for request retriesCan be defined per target or at VMUser.spec levele.g. [429,503]", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "src_headers": schema.ListAttribute{ + Description: "SrcHeaders is an optional list of headers, which must match request headers.", + MarkdownDescription: "SrcHeaders is an optional list of headers, which must match request headers.", ElementType: types.StringType, Required: false, Optional: true, @@ -1298,8 +1674,8 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, "src_hosts": schema.ListAttribute{ - Description: "SrcHosts is the list of regular expressions, which match the request hostname.", - MarkdownDescription: "SrcHosts is the list of regular expressions, which match the request hostname.", + Description: "SrcHosts is an optional list of regular expressions, which must match the request hostname.", + MarkdownDescription: "SrcHosts is an optional list of regular expressions, which must match the request hostname.", ElementType: types.StringType, Required: false, Optional: true, @@ -1307,8 +1683,17 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, "src_paths": schema.ListAttribute{ - Description: "Paths src request paths", - MarkdownDescription: "Paths src request paths", + Description: "SrcPaths is an optional list of regular expressions, which must match the request path.", + MarkdownDescription: "SrcPaths is an optional list of regular expressions, which must match the request path.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "src_query_args": schema.ListAttribute{ + Description: "SrcQueryArgs is an optional list of query args, which must match request URL query args.", + MarkdownDescription: "SrcQueryArgs is an optional list of query args, which must match request URL query args.", ElementType: types.StringType, Required: false, Optional: true, @@ -1316,8 +1701,8 @@ func (r *OperatorVictoriametricsComVmauthV1Beta1Manifest) Schema(_ context.Conte }, "url_prefix": schema.ListAttribute{ - Description: "URLs defines url_prefix for dst routing", - MarkdownDescription: "URLs defines url_prefix for dst routing", + Description: "UrlPrefix contains backend url prefixes for the proxied request url.", + MarkdownDescription: "UrlPrefix contains backend url prefixes for the proxied request url.", ElementType: types.StringType, Required: false, Optional: true, diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go index 448d6f819..96c6f8199 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_cluster_v1beta1_manifest.go @@ -55,6 +55,7 @@ type OperatorVictoriametricsComVmclusterV1Beta1ManifestData struct { Optional *bool `tfsdk:"optional" json:"optional,omitempty"` } `tfsdk:"key_ref" json:"keyRef,omitempty"` } `tfsdk:"license" json:"license,omitempty"` + Paused *bool `tfsdk:"paused" json:"paused,omitempty"` ReplicationFactor *int64 `tfsdk:"replication_factor" json:"replicationFactor,omitempty"` RetentionPeriod *string `tfsdk:"retention_period" json:"retentionPeriod,omitempty"` ServiceAccountName *string `tfsdk:"service_account_name" json:"serviceAccountName,omitempty"` @@ -752,6 +753,14 @@ func (r *OperatorVictoriametricsComVmclusterV1Beta1Manifest) Schema(_ context.Co Computed: false, }, + "paused": schema.BoolAttribute{ + Description: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + MarkdownDescription: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + Required: false, + Optional: true, + Computed: false, + }, + "replication_factor": schema.Int64Attribute{ Description: "ReplicationFactor defines how many copies of data make amongdistinct storage nodes", MarkdownDescription: "ReplicationFactor defines how many copies of data make amongdistinct storage nodes", diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go index b76f0ccc6..621bb83b4 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_single_v1beta1_manifest.go @@ -89,6 +89,7 @@ type OperatorVictoriametricsComVmsingleV1Beta1ManifestData struct { LogFormat *string `tfsdk:"log_format" json:"logFormat,omitempty"` LogLevel *string `tfsdk:"log_level" json:"logLevel,omitempty"` NodeSelector *map[string]string `tfsdk:"node_selector" json:"nodeSelector,omitempty"` + Paused *bool `tfsdk:"paused" json:"paused,omitempty"` PodMetadata *struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` @@ -171,7 +172,10 @@ type OperatorVictoriametricsComVmsingleV1Beta1ManifestData struct { KeepInput *bool `tfsdk:"keep_input" json:"keepInput,omitempty"` Rules *[]struct { By *[]string `tfsdk:"by" json:"by,omitempty"` + Dedup_interval *string `tfsdk:"dedup_interval" json:"dedup_interval,omitempty"` + Drop_input_labels *[]string `tfsdk:"drop_input_labels" json:"drop_input_labels,omitempty"` Flush_on_shutdown *bool `tfsdk:"flush_on_shutdown" json:"flush_on_shutdown,omitempty"` + Ignore_old_samples *bool `tfsdk:"ignore_old_samples" json:"ignore_old_samples,omitempty"` Input_relabel_configs *[]struct { Action *string `tfsdk:"action" json:"action,omitempty"` If *map[string]string `tfsdk:"if" json:"if,omitempty"` @@ -184,9 +188,11 @@ type OperatorVictoriametricsComVmsingleV1Beta1ManifestData struct { SourceLabels *[]string `tfsdk:"source_labels" json:"sourceLabels,omitempty"` TargetLabel *string `tfsdk:"target_label" json:"targetLabel,omitempty"` } `tfsdk:"input_relabel_configs" json:"input_relabel_configs,omitempty"` - Interval *string `tfsdk:"interval" json:"interval,omitempty"` - Match *map[string]string `tfsdk:"match" json:"match,omitempty"` - Output_relabel_configs *[]struct { + Interval *string `tfsdk:"interval" json:"interval,omitempty"` + Keep_metric_names *bool `tfsdk:"keep_metric_names" json:"keep_metric_names,omitempty"` + Match *map[string]string `tfsdk:"match" json:"match,omitempty"` + No_align_flush_to_interval *bool `tfsdk:"no_align_flush_to_interval" json:"no_align_flush_to_interval,omitempty"` + Output_relabel_configs *[]struct { Action *string `tfsdk:"action" json:"action,omitempty"` If *map[string]string `tfsdk:"if" json:"if,omitempty"` Labels *map[string]string `tfsdk:"labels" json:"labels,omitempty"` @@ -709,6 +715,14 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con Computed: false, }, + "paused": schema.BoolAttribute{ + Description: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + MarkdownDescription: "Paused If set to true all actions on the underlaying managed objects are notgoing to be performed, except for delete actions.", + Required: false, + Optional: true, + Computed: false, + }, + "pod_metadata": schema.SingleNestedAttribute{ Description: "PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods.", MarkdownDescription: "PodMetadata configures Labels and Annotations which are propagated to the VMSingle pods.", @@ -1288,6 +1302,23 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con Computed: false, }, + "dedup_interval": schema.StringAttribute{ + Description: "DedupInterval is an optional interval for deduplication.", + MarkdownDescription: "DedupInterval is an optional interval for deduplication.", + Required: false, + Optional: true, + Computed: false, + }, + + "drop_input_labels": schema.ListAttribute{ + Description: "DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation.", + MarkdownDescription: "DropInputLabels is an optional list with labels, which must be dropped before further processing of input samples.Labels are dropped before de-duplication and aggregation.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "flush_on_shutdown": schema.BoolAttribute{ Description: "FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points.", MarkdownDescription: "FlushOnShutdown defines whether to flush the aggregation state on process terminationor config reload. Is 'false' by default.It is not recommended changing this setting, unless unfinished aggregations statesare preferred to missing data points.", @@ -1296,6 +1327,14 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con Computed: false, }, + "ignore_old_samples": schema.BoolAttribute{ + Description: "IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.", + MarkdownDescription: "IgnoreOldSamples instructs to ignore samples with old timestamps outside the current aggregation interval.", + Required: false, + Optional: true, + Computed: false, + }, + "input_relabel_configs": schema.ListNestedAttribute{ Description: "InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation.", MarkdownDescription: "InputRelabelConfigs is an optional relabeling rules, which are applied on the inputbefore aggregation.", @@ -1399,6 +1438,14 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con Computed: false, }, + "keep_metric_names": schema.BoolAttribute{ + Description: "KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.", + MarkdownDescription: "KeepMetricNames instructs to leave metric names as is for the output time series without adding any suffix.", + Required: false, + Optional: true, + Computed: false, + }, + "match": schema.MapAttribute{ Description: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed.", MarkdownDescription: "Match is a label selector (or list of label selectors) for filtering time series for the given selector.If the match isn't set, then all the input time series are processed.", @@ -1408,6 +1455,14 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con Computed: false, }, + "no_align_flush_to_interval": schema.BoolAttribute{ + Description: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval.", + MarkdownDescription: "NoAlighFlushToInterval disables aligning of flushes to multiples of Interval.By default flushes are aligned to Interval.", + Required: false, + Optional: true, + Computed: false, + }, + "output_relabel_configs": schema.ListNestedAttribute{ Description: "OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage.", MarkdownDescription: "OutputRelabelConfigs is an optional relabeling rules, which are appliedon the aggregated output before being sent to remote storage.", @@ -1513,8 +1568,8 @@ func (r *OperatorVictoriametricsComVmsingleV1Beta1Manifest) Schema(_ context.Con }, "staleness_interval": schema.StringAttribute{ - Description: "StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it.", - MarkdownDescription: "StalenessInterval defines an interval after which the series state will be reset if no samples have been sent during it.", + Description: "Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.", + MarkdownDescription: "Staleness interval is interval after which the series state will be reset if no samples have been sent during it.The parameter is only relevant for outputs: total, total_prometheus, increase, increase_prometheus and histogram_bucket.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_user_v1beta1_manifest.go b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_user_v1beta1_manifest.go index 0a0f08b00..4fbc73f16 100644 --- a/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_user_v1beta1_manifest.go +++ b/internal/provider/operator_victoriametrics_com_v1beta1/operator_victoriametrics_com_vm_user_v1beta1_manifest.go @@ -46,6 +46,7 @@ type OperatorVictoriametricsComVmuserV1Beta1ManifestData struct { BearerToken *string `tfsdk:"bearer_token" json:"bearerToken,omitempty"` Default_url *[]string `tfsdk:"default_url" json:"default_url,omitempty"` Disable_secret_creation *bool `tfsdk:"disable_secret_creation" json:"disable_secret_creation,omitempty"` + Discover_backend_ips *bool `tfsdk:"discover_backend_ips" json:"discover_backend_ips,omitempty"` Drop_src_path_prefix_parts *int64 `tfsdk:"drop_src_path_prefix_parts" json:"drop_src_path_prefix_parts,omitempty"` GeneratePassword *bool `tfsdk:"generate_password" json:"generatePassword,omitempty"` Headers *[]string `tfsdk:"headers" json:"headers,omitempty"` @@ -71,6 +72,7 @@ type OperatorVictoriametricsComVmuserV1Beta1ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` } `tfsdk:"crd" json:"crd,omitempty"` + Discover_backend_ips *bool `tfsdk:"discover_backend_ips" json:"discover_backend_ips,omitempty"` Drop_src_path_prefix_parts *int64 `tfsdk:"drop_src_path_prefix_parts" json:"drop_src_path_prefix_parts,omitempty"` Headers *[]string `tfsdk:"headers" json:"headers,omitempty"` Hosts *[]string `tfsdk:"hosts" json:"hosts,omitempty"` @@ -78,6 +80,8 @@ type OperatorVictoriametricsComVmuserV1Beta1ManifestData struct { Paths *[]string `tfsdk:"paths" json:"paths,omitempty"` Response_headers *[]string `tfsdk:"response_headers" json:"response_headers,omitempty"` Retry_status_codes *[]string `tfsdk:"retry_status_codes" json:"retry_status_codes,omitempty"` + Src_headers *[]string `tfsdk:"src_headers" json:"src_headers,omitempty"` + Src_query_args *[]string `tfsdk:"src_query_args" json:"src_query_args,omitempty"` Static *struct { Url *string `tfsdk:"url" json:"url,omitempty"` Urls *[]string `tfsdk:"urls" json:"urls,omitempty"` @@ -96,8 +100,43 @@ type OperatorVictoriametricsComVmuserV1Beta1ManifestData struct { } `tfsdk:"target_ref_basic_auth" json:"targetRefBasicAuth,omitempty"` Target_path_suffix *string `tfsdk:"target_path_suffix" json:"target_path_suffix,omitempty"` } `tfsdk:"target_refs" json:"targetRefs,omitempty"` - Tls_insecure_skip_verify *bool `tfsdk:"tls_insecure_skip_verify" json:"tls_insecure_skip_verify,omitempty"` - TokenRef *struct { + TlsConfig *struct { + Ca *struct { + ConfigMap *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Secret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"secret" json:"secret,omitempty"` + } `tfsdk:"ca" json:"ca,omitempty"` + CaFile *string `tfsdk:"ca_file" json:"caFile,omitempty"` + Cert *struct { + ConfigMap *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"config_map" json:"configMap,omitempty"` + Secret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"secret" json:"secret,omitempty"` + } `tfsdk:"cert" json:"cert,omitempty"` + CertFile *string `tfsdk:"cert_file" json:"certFile,omitempty"` + InsecureSkipVerify *bool `tfsdk:"insecure_skip_verify" json:"insecureSkipVerify,omitempty"` + KeyFile *string `tfsdk:"key_file" json:"keyFile,omitempty"` + KeySecret *struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + } `tfsdk:"key_secret" json:"keySecret,omitempty"` + ServerName *string `tfsdk:"server_name" json:"serverName,omitempty"` + } `tfsdk:"tls_config" json:"tlsConfig,omitempty"` + TokenRef *struct { Key *string `tfsdk:"key" json:"key,omitempty"` Name *string `tfsdk:"name" json:"name,omitempty"` Optional *bool `tfsdk:"optional" json:"optional,omitempty"` @@ -208,6 +247,14 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "discover_backend_ips": schema.BoolAttribute{ + Description: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + MarkdownDescription: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + Required: false, + Optional: true, + Computed: false, + }, + "drop_src_path_prefix_parts": schema.Int64Attribute{ Description: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", MarkdownDescription: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", @@ -393,6 +440,14 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "discover_backend_ips": schema.BoolAttribute{ + Description: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + MarkdownDescription: "DiscoverBackendIPs instructs discovering URLPrefix backend IPs via DNS.", + Required: false, + Optional: true, + Computed: false, + }, + "drop_src_path_prefix_parts": schema.Int64Attribute{ Description: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", MarkdownDescription: "DropSrcPathPrefixParts is the number of '/'-delimited request path prefix parts to drop before proxying the request to backend.See https://docs.victoriametrics.com/vmauth.html#dropping-request-path-prefix for more details.", @@ -402,8 +457,8 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte }, "headers": schema.ListAttribute{ - Description: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", - MarkdownDescription: "Headers represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + Description: "RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", + MarkdownDescription: "RequestHeaders represent additional http headers, that vmauth usesin form of ['header_key: header_value']multiple values for header key:['header_key: value1,value2']it's available since 1.68.0 version of vmauth", ElementType: types.StringType, Required: false, Optional: true, @@ -457,6 +512,24 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, + "src_headers": schema.ListAttribute{ + Description: "SrcHeaders is an optional list of headers, which must match request headers.", + MarkdownDescription: "SrcHeaders is an optional list of headers, which must match request headers.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "src_query_args": schema.ListAttribute{ + Description: "SrcQueryArgs is an optional list of query args, which must match request URL query args.", + MarkdownDescription: "SrcQueryArgs is an optional list of query args, which must match request URL query args.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "static": schema.SingleNestedAttribute{ Description: "Static - user defined url for traffic forward,for instance http://vmsingle:8429", MarkdownDescription: "Static - user defined url for traffic forward,for instance http://vmsingle:8429", @@ -559,8 +632,8 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte }, "target_path_suffix": schema.StringAttribute{ - Description: "QueryParams []string 'json:'queryParams,omitempty''TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params.", - MarkdownDescription: "QueryParams []string 'json:'queryParams,omitempty''TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params.", + Description: "TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params.", + MarkdownDescription: "TargetPathSuffix allows to add some suffix to the target pathIt allows to hide tenant configuration from user with crd as ref.it also may contain any url encoded params.", Required: false, Optional: true, Computed: false, @@ -572,12 +645,236 @@ func (r *OperatorVictoriametricsComVmuserV1Beta1Manifest) Schema(_ context.Conte Computed: false, }, - "tls_insecure_skip_verify": schema.BoolAttribute{ - Description: "TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS.See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup", - MarkdownDescription: "TLSInsecureSkipVerify - whether to skip TLS verification when connecting to backend over HTTPS.See https://docs.victoriametrics.com/vmauth.html#backend-tls-setup", - Required: false, - Optional: true, - Computed: false, + "tls_config": schema.SingleNestedAttribute{ + Description: "TLSConfig specifies TLSConfig configuration parameters.", + MarkdownDescription: "TLSConfig specifies TLSConfig configuration parameters.", + Attributes: map[string]schema.Attribute{ + "ca": schema.SingleNestedAttribute{ + Description: "Stuct containing the CA cert to use for the targets.", + MarkdownDescription: "Stuct containing the CA cert to use for the targets.", + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap containing data to use for the targets.", + MarkdownDescription: "ConfigMap containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key to select.", + MarkdownDescription: "The key to select.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the ConfigMap or its key must be defined", + MarkdownDescription: "Specify whether the ConfigMap or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "secret": schema.SingleNestedAttribute{ + Description: "Secret containing data to use for the targets.", + MarkdownDescription: "Secret containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "ca_file": schema.StringAttribute{ + Description: "Path to the CA cert in the container to use for the targets.", + MarkdownDescription: "Path to the CA cert in the container to use for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "cert": schema.SingleNestedAttribute{ + Description: "Struct containing the client cert file for the targets.", + MarkdownDescription: "Struct containing the client cert file for the targets.", + Attributes: map[string]schema.Attribute{ + "config_map": schema.SingleNestedAttribute{ + Description: "ConfigMap containing data to use for the targets.", + MarkdownDescription: "ConfigMap containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key to select.", + MarkdownDescription: "The key to select.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the ConfigMap or its key must be defined", + MarkdownDescription: "Specify whether the ConfigMap or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "secret": schema.SingleNestedAttribute{ + Description: "Secret containing data to use for the targets.", + MarkdownDescription: "Secret containing data to use for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "cert_file": schema.StringAttribute{ + Description: "Path to the client cert file in the container for the targets.", + MarkdownDescription: "Path to the client cert file in the container for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "insecure_skip_verify": schema.BoolAttribute{ + Description: "Disable target certificate validation.", + MarkdownDescription: "Disable target certificate validation.", + Required: false, + Optional: true, + Computed: false, + }, + + "key_file": schema.StringAttribute{ + Description: "Path to the client key file in the container for the targets.", + MarkdownDescription: "Path to the client key file in the container for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + + "key_secret": schema.SingleNestedAttribute{ + Description: "Secret containing the client key file for the targets.", + MarkdownDescription: "Secret containing the client key file for the targets.", + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "The key of the secret to select from. Must be a valid secret key.", + MarkdownDescription: "The key of the secret to select from. Must be a valid secret key.", + Required: true, + Optional: false, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + MarkdownDescription: "Name of the referent.More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#namesTODO: Add other useful fields. apiVersion, kind, uid?", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "Specify whether the Secret or its key must be defined", + MarkdownDescription: "Specify whether the Secret or its key must be defined", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "server_name": schema.StringAttribute{ + Description: "Used to verify the hostname for the targets.", + MarkdownDescription: "Used to verify the hostname for the targets.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, }, "token_ref": schema.SingleNestedAttribute{ diff --git a/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go b/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go index d4e100ea1..3720546b6 100644 --- a/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go +++ b/internal/provider/pgv2_percona_com_v2/pgv2_percona_com_percona_pg_cluster_v2_manifest.go @@ -48,6 +48,20 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Backups *struct { Pgbackrest *struct { Configuration *[]struct { + ClusterTrustBundle *struct { + LabelSelector *struct { + MatchExpressions *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Operator *string `tfsdk:"operator" json:"operator,omitempty"` + Values *[]string `tfsdk:"values" json:"values,omitempty"` + } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` + MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` + } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + SignerName *string `tfsdk:"signer_name" json:"signerName,omitempty"` + } `tfsdk:"cluster_trust_bundle" json:"clusterTrustBundle,omitempty"` ConfigMap *struct { Items *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -133,6 +147,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -155,6 +171,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -178,6 +196,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -200,6 +220,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -222,6 +244,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -310,6 +336,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -332,6 +360,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -355,6 +385,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -377,6 +409,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -399,6 +433,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -502,9 +540,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` } `tfsdk:"data_source_ref" json:"dataSourceRef,omitempty"` Resources *struct { - Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` @@ -516,9 +551,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"selector" json:"selector,omitempty"` - StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` - VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` - VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` + StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` + VolumeAttributesClassName *string `tfsdk:"volume_attributes_class_name" json:"volumeAttributesClassName,omitempty"` + VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` + VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` } `tfsdk:"volume_claim_spec" json:"volumeClaimSpec,omitempty"` } `tfsdk:"volume" json:"volume,omitempty"` } `tfsdk:"repos" json:"repos,omitempty"` @@ -566,6 +602,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -588,6 +626,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -611,6 +651,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -633,6 +675,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -735,6 +779,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -757,6 +803,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -780,6 +828,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -802,6 +852,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -816,6 +868,20 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"pod_anti_affinity" json:"podAntiAffinity,omitempty"` } `tfsdk:"affinity" json:"affinity,omitempty"` Configuration *[]struct { + ClusterTrustBundle *struct { + LabelSelector *struct { + MatchExpressions *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Operator *string `tfsdk:"operator" json:"operator,omitempty"` + Values *[]string `tfsdk:"values" json:"values,omitempty"` + } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` + MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` + } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + SignerName *string `tfsdk:"signer_name" json:"signerName,omitempty"` + } `tfsdk:"cluster_trust_bundle" json:"clusterTrustBundle,omitempty"` ConfigMap *struct { Items *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -891,9 +957,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` } `tfsdk:"data_source_ref" json:"dataSourceRef,omitempty"` Resources *struct { - Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` @@ -905,9 +968,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"selector" json:"selector,omitempty"` - StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` - VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` - VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` + StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` + VolumeAttributesClassName *string `tfsdk:"volume_attributes_class_name" json:"volumeAttributesClassName,omitempty"` + VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` + VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` } `tfsdk:"volume_claim_spec" json:"volumeClaimSpec,omitempty"` } `tfsdk:"volume" json:"volume,omitempty"` } `tfsdk:"repo" json:"repo,omitempty"` @@ -971,6 +1035,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -993,6 +1059,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1016,6 +1084,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1038,6 +1108,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1180,6 +1252,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1202,6 +1276,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1225,6 +1301,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1247,6 +1325,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -1274,9 +1354,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` } `tfsdk:"data_source_ref" json:"dataSourceRef,omitempty"` Resources *struct { - Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` @@ -1288,9 +1365,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"selector" json:"selector,omitempty"` - StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` - VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` - VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` + StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` + VolumeAttributesClassName *string `tfsdk:"volume_attributes_class_name" json:"volumeAttributesClassName,omitempty"` + VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` + VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` } `tfsdk:"data_volume_claim_spec" json:"dataVolumeClaimSpec,omitempty"` InitContainers *[]struct { Args *[]string `tfsdk:"args" json:"args,omitempty"` @@ -1348,6 +1426,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -1367,6 +1448,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -1453,7 +1537,11 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1519,12 +1607,13 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"init_containers" json:"initContainers,omitempty"` @@ -1544,6 +1633,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -1627,6 +1720,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -1646,6 +1742,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -1732,7 +1831,11 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1798,12 +1901,13 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"sidecars" json:"sidecars,omitempty"` @@ -1832,12 +1936,13 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { WhenUnsatisfiable *string `tfsdk:"when_unsatisfiable" json:"whenUnsatisfiable,omitempty"` } `tfsdk:"topology_spread_constraints" json:"topologySpreadConstraints,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WalVolumeClaimSpec *struct { AccessModes *[]string `tfsdk:"access_modes" json:"accessModes,omitempty"` @@ -1853,9 +1958,6 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Namespace *string `tfsdk:"namespace" json:"namespace,omitempty"` } `tfsdk:"data_source_ref" json:"dataSourceRef,omitempty"` Resources *struct { - Claims *[]struct { - Name *string `tfsdk:"name" json:"name,omitempty"` - } `tfsdk:"claims" json:"claims,omitempty"` Limits *map[string]string `tfsdk:"limits" json:"limits,omitempty"` Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` @@ -1867,9 +1969,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"selector" json:"selector,omitempty"` - StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` - VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` - VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` + StorageClassName *string `tfsdk:"storage_class_name" json:"storageClassName,omitempty"` + VolumeAttributesClassName *string `tfsdk:"volume_attributes_class_name" json:"volumeAttributesClassName,omitempty"` + VolumeMode *string `tfsdk:"volume_mode" json:"volumeMode,omitempty"` + VolumeName *string `tfsdk:"volume_name" json:"volumeName,omitempty"` } `tfsdk:"wal_volume_claim_spec" json:"walVolumeClaimSpec,omitempty"` } `tfsdk:"instances" json:"instances,omitempty"` Metadata *struct { @@ -1892,7 +1995,11 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Pmm *struct { ContainerSecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -1980,6 +2087,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2002,6 +2111,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2025,6 +2136,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2047,6 +2160,8 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + MatchLabelKeys *[]string `tfsdk:"match_label_keys" json:"matchLabelKeys,omitempty"` + MismatchLabelKeys *[]string `tfsdk:"mismatch_label_keys" json:"mismatchLabelKeys,omitempty"` NamespaceSelector *struct { MatchExpressions *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2063,6 +2178,20 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Config *struct { Databases *map[string]string `tfsdk:"databases" json:"databases,omitempty"` Files *[]struct { + ClusterTrustBundle *struct { + LabelSelector *struct { + MatchExpressions *[]struct { + Key *string `tfsdk:"key" json:"key,omitempty"` + Operator *string `tfsdk:"operator" json:"operator,omitempty"` + Values *[]string `tfsdk:"values" json:"values,omitempty"` + } `tfsdk:"match_expressions" json:"matchExpressions,omitempty"` + MatchLabels *map[string]string `tfsdk:"match_labels" json:"matchLabels,omitempty"` + } `tfsdk:"label_selector" json:"labelSelector,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + Optional *bool `tfsdk:"optional" json:"optional,omitempty"` + Path *string `tfsdk:"path" json:"path,omitempty"` + SignerName *string `tfsdk:"signer_name" json:"signerName,omitempty"` + } `tfsdk:"cluster_trust_bundle" json:"clusterTrustBundle,omitempty"` ConfigMap *struct { Items *[]struct { Key *string `tfsdk:"key" json:"key,omitempty"` @@ -2139,6 +2268,10 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Requests *map[string]string `tfsdk:"requests" json:"requests,omitempty"` } `tfsdk:"resources" json:"resources,omitempty"` SecurityContext *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` FsGroup *int64 `tfsdk:"fs_group" json:"fsGroup,omitempty"` FsGroupChangePolicy *string `tfsdk:"fs_group_change_policy" json:"fsGroupChangePolicy,omitempty"` RunAsGroup *int64 `tfsdk:"run_as_group" json:"runAsGroup,omitempty"` @@ -2222,6 +2355,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -2241,6 +2377,9 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Port *string `tfsdk:"port" json:"port,omitempty"` Scheme *string `tfsdk:"scheme" json:"scheme,omitempty"` } `tfsdk:"http_get" json:"httpGet,omitempty"` + Sleep *struct { + Seconds *int64 `tfsdk:"seconds" json:"seconds,omitempty"` + } `tfsdk:"sleep" json:"sleep,omitempty"` TcpSocket *struct { Host *string `tfsdk:"host" json:"host,omitempty"` Port *string `tfsdk:"port" json:"port,omitempty"` @@ -2327,7 +2466,11 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { RestartPolicy *string `tfsdk:"restart_policy" json:"restartPolicy,omitempty"` SecurityContext *struct { AllowPrivilegeEscalation *bool `tfsdk:"allow_privilege_escalation" json:"allowPrivilegeEscalation,omitempty"` - Capabilities *struct { + AppArmorProfile *struct { + LocalhostProfile *string `tfsdk:"localhost_profile" json:"localhostProfile,omitempty"` + Type *string `tfsdk:"type" json:"type,omitempty"` + } `tfsdk:"app_armor_profile" json:"appArmorProfile,omitempty"` + Capabilities *struct { Add *[]string `tfsdk:"add" json:"add,omitempty"` Drop *[]string `tfsdk:"drop" json:"drop,omitempty"` } `tfsdk:"capabilities" json:"capabilities,omitempty"` @@ -2393,12 +2536,13 @@ type Pgv2PerconaComPerconaPgclusterV2ManifestData struct { Name *string `tfsdk:"name" json:"name,omitempty"` } `tfsdk:"volume_devices" json:"volumeDevices,omitempty"` VolumeMounts *[]struct { - MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` - MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` - Name *string `tfsdk:"name" json:"name,omitempty"` - ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` - SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` - SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` + MountPath *string `tfsdk:"mount_path" json:"mountPath,omitempty"` + MountPropagation *string `tfsdk:"mount_propagation" json:"mountPropagation,omitempty"` + Name *string `tfsdk:"name" json:"name,omitempty"` + ReadOnly *bool `tfsdk:"read_only" json:"readOnly,omitempty"` + RecursiveReadOnly *string `tfsdk:"recursive_read_only" json:"recursiveReadOnly,omitempty"` + SubPath *string `tfsdk:"sub_path" json:"subPath,omitempty"` + SubPathExpr *string `tfsdk:"sub_path_expr" json:"subPathExpr,omitempty"` } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"sidecars" json:"sidecars,omitempty"` @@ -2557,6 +2701,101 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Projected volumes containing custom pgBackRest configuration. These files are mountedunder '/etc/pgbackrest/conf.d' alongside any pgBackRest configuration generated by thePostgreSQL Operator:https://pgbackrest.org/configuration.html", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ + "cluster_trust_bundle": schema.SingleNestedAttribute{ + Description: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + MarkdownDescription: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + Attributes: map[string]schema.Attribute{ + "label_selector": schema.SingleNestedAttribute{ + Description: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + MarkdownDescription: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + Attributes: map[string]schema.Attribute{ + "match_expressions": schema.ListNestedAttribute{ + Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + MarkdownDescription: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the label key that the selector applies to.", + MarkdownDescription: "key is the label key that the selector applies to.", + Required: true, + Optional: false, + Computed: false, + }, + + "operator": schema.StringAttribute{ + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Required: true, + Optional: false, + Computed: false, + }, + + "values": schema.ListAttribute{ + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "match_labels": schema.MapAttribute{ + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + MarkdownDescription: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + MarkdownDescription: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "Relative path from the volume root to write the bundle.", + MarkdownDescription: "Relative path from the volume root to write the bundle.", + Required: true, + Optional: false, + Computed: false, + }, + + "signer_name": schema.StringAttribute{ + Description: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + MarkdownDescription: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "config_map": schema.SingleNestedAttribute{ Description: "configMap information about the configMap data to project", MarkdownDescription: "configMap information about the configMap data to project", @@ -2627,8 +2866,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -3050,8 +3289,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3103,6 +3342,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -3199,8 +3456,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3252,6 +3509,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -3348,8 +3623,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3401,6 +3676,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -3497,8 +3790,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -3550,6 +3843,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -3695,6 +4006,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "SecurityContext defines the security settings for PGBackRest pod.", MarkdownDescription: "SecurityContext defines the security settings for PGBackRest pod.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -4229,8 +4565,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4282,6 +4618,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -4378,8 +4732,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4431,6 +4785,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -4527,8 +4899,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4580,6 +4952,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -4676,8 +5066,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -4729,6 +5119,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -4874,13 +5282,38 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "SecurityContext defines the security settings for PGBackRest pod.", MarkdownDescription: "SecurityContext defines the security settings for PGBackRest pod.", Attributes: map[string]schema.Attribute{ - "fs_group": schema.Int64Attribute{ - Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", - MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", - Required: false, - Optional: true, - Computed: false, - }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "fs_group": schema.Int64Attribute{ + Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", + Required: false, + Optional: true, + Computed: false, + }, "fs_group_change_policy": schema.StringAttribute{ Description: "fsGroupChangePolicy defines behavior of changing ownership and permission of the volumebefore being exposed inside Pod. This field will only apply tovolume types which support fsGroup based ownership(and permissions).It will have no effect on ephemeral volume types such as: secret, configmapsand emptydir.Valid values are 'OnRootMismatch' and 'Always'. If not specified, 'Always' is used.Note that this field cannot be set when spec.os.name is windows.", @@ -5310,8 +5743,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -5580,25 +6013,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", MarkdownDescription: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Attributes: map[string]schema.Attribute{ - "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "limits": schema.MapAttribute{ Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", @@ -5684,6 +6098,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "volume_attributes_class_name": schema.StringAttribute{ + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Required: false, + Optional: true, + Computed: false, + }, + "volume_mode": schema.StringAttribute{ Description: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", MarkdownDescription: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", @@ -5939,8 +6361,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -5992,6 +6414,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -6088,8 +6528,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6141,6 +6581,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -6237,8 +6695,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6290,6 +6748,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -6386,8 +6862,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -6439,6 +6915,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -7044,8 +7538,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7097,6 +7591,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -7193,8 +7705,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7246,6 +7758,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -7342,8 +7872,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7395,6 +7925,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -7491,8 +8039,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -7544,6 +8092,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -7636,6 +8202,101 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Projected volumes containing custom pgBackRest configuration. These files are mountedunder '/etc/pgbackrest/conf.d' alongside any pgBackRest configuration generated by thePostgreSQL Operator:https://pgbackrest.org/configuration.html", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ + "cluster_trust_bundle": schema.SingleNestedAttribute{ + Description: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + MarkdownDescription: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + Attributes: map[string]schema.Attribute{ + "label_selector": schema.SingleNestedAttribute{ + Description: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + MarkdownDescription: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + Attributes: map[string]schema.Attribute{ + "match_expressions": schema.ListNestedAttribute{ + Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + MarkdownDescription: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the label key that the selector applies to.", + MarkdownDescription: "key is the label key that the selector applies to.", + Required: true, + Optional: false, + Computed: false, + }, + + "operator": schema.StringAttribute{ + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Required: true, + Optional: false, + Computed: false, + }, + + "values": schema.ListAttribute{ + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "match_labels": schema.MapAttribute{ + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + MarkdownDescription: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + MarkdownDescription: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "Relative path from the volume root to write the bundle.", + MarkdownDescription: "Relative path from the volume root to write the bundle.", + Required: true, + Optional: false, + Computed: false, + }, + + "signer_name": schema.StringAttribute{ + Description: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + MarkdownDescription: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "config_map": schema.SingleNestedAttribute{ Description: "configMap information about the configMap data to project", MarkdownDescription: "configMap information about the configMap data to project", @@ -7706,8 +8367,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -8134,25 +8795,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", MarkdownDescription: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Attributes: map[string]schema.Attribute{ - "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "limits": schema.MapAttribute{ Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", @@ -8238,6 +8880,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "volume_attributes_class_name": schema.StringAttribute{ + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Required: false, + Optional: true, + Computed: false, + }, + "volume_mode": schema.StringAttribute{ Description: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", MarkdownDescription: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", @@ -8602,8 +9252,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -8655,6 +9305,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -8751,8 +9419,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -8804,6 +9472,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -8900,8 +9586,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -8953,6 +9639,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -9049,8 +9753,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -9102,6 +9806,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -10002,8 +10724,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -10055,6 +10777,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -10151,8 +10891,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -10204,6 +10944,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -10300,8 +11058,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -10353,6 +11111,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -10449,8 +11225,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -10502,6 +11278,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -10680,25 +11474,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", MarkdownDescription: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Attributes: map[string]schema.Attribute{ - "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "limits": schema.MapAttribute{ Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", @@ -10784,6 +11559,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "volume_attributes_class_name": schema.StringAttribute{ + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Required: false, + Optional: true, + Computed: false, + }, + "volume_mode": schema.StringAttribute{ Description: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", MarkdownDescription: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", @@ -11167,6 +11950,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -11287,6 +12087,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -11860,6 +12677,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -12321,8 +13163,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -12344,6 +13186,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -12495,6 +13345,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "SecurityContext defines the security settings for a PostgreSQL pod.", MarkdownDescription: "SecurityContext defines the security settings for a PostgreSQL pod.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -13045,6 +13920,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -13165,6 +14057,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -13738,6 +14647,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -14199,8 +15133,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -14222,6 +15156,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -14386,8 +15328,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, @@ -14445,8 +15387,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -14468,6 +15410,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -14581,25 +15531,6 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", MarkdownDescription: "resources represents the minimum resources the volume should have.If RecoverVolumeExpansionFailure feature is enabled users are allowed to specify resource requirementsthat are lower than previous value but must still be higher than capacity recorded in thestatus field of the claim.More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources", Attributes: map[string]schema.Attribute{ - "claims": schema.ListNestedAttribute{ - Description: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - MarkdownDescription: "Claims lists the names of resources, defined in spec.resourceClaims,that are used by this container.This is an alpha field and requires enabling theDynamicResourceAllocation feature gate.This field is immutable. It can only be set for containers.", - NestedObject: schema.NestedAttributeObject{ - Attributes: map[string]schema.Attribute{ - "name": schema.StringAttribute{ - Description: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - MarkdownDescription: "Name must match the name of one entry in pod.spec.resourceClaims ofthe Pod where this field is used. It makes that resource availableinside a container.", - Required: true, - Optional: false, - Computed: false, - }, - }, - }, - Required: false, - Optional: true, - Computed: false, - }, - "limits": schema.MapAttribute{ Description: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", MarkdownDescription: "Limits describes the maximum amount of compute resources allowed.More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/", @@ -14685,6 +15616,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "volume_attributes_class_name": schema.StringAttribute{ + Description: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + MarkdownDescription: "volumeAttributesClassName may be used to set the VolumeAttributesClass used by this claim.If specified, the CSI driver will create or update the volume with the attributes definedin the corresponding VolumeAttributesClass. This has a different purpose than storageClassName,it can be changed after the claim is created. An empty string value means that no VolumeAttributesClasswill be applied to the claim but it's not allowed to reset this field to empty string once it is set.If unspecified and the PersistentVolumeClaim is unbound, the default VolumeAttributesClasswill be set by the persistentvolume controller if it exists.If the resource referred to by volumeAttributesClass does not exist, this PersistentVolumeClaim will beset to a Pending state, as reflected by the modifyVolumeStatus field, until such as a resourceexists.More info: https://kubernetes.io/docs/concepts/storage/volume-attributes-classes/(Alpha) Using this field requires the VolumeAttributesClass feature gate to be enabled.", + Required: false, + Optional: true, + Computed: false, + }, + "volume_mode": schema.StringAttribute{ Description: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", MarkdownDescription: "volumeMode defines what type of volume is required by the claim.Value of Filesystem is implied when not included in claim spec.", @@ -14858,6 +15797,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -15397,8 +16361,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -15450,6 +16414,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -15546,8 +16528,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -15599,6 +16581,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -15695,8 +16695,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Required. A pod affinity term, associated with the corresponding weight.", Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -15748,6 +16748,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -15844,8 +16862,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "label_selector": schema.SingleNestedAttribute{ - Description: "A label query over a set of resources, in this case pods.", - MarkdownDescription: "A label query over a set of resources, in this case pods.", + Description: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", + MarkdownDescription: "A label query over a set of resources, in this case pods.If it's null, this PodAffinityTerm matches with no Pods.", Attributes: map[string]schema.Attribute{ "match_expressions": schema.ListNestedAttribute{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", @@ -15897,6 +16915,24 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "match_label_keys": schema.ListAttribute{ + Description: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key in (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both matchLabelKeys and labelSelector.Also, matchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + + "mismatch_label_keys": schema.ListAttribute{ + Description: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + MarkdownDescription: "MismatchLabelKeys is a set of pod label keys to select which pods willbe taken into consideration. The keys are used to lookup values from theincoming pod labels, those key-value labels are merged with 'labelSelector' as 'key notin (value)'to select the group of existing pods which pods will be taken into considerationfor the incoming pod's pod (anti) affinity. Keys that don't exist in the incomingpod labels will be ignored. The default value is empty.The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.Also, mismatchLabelKeys cannot be set when labelSelector isn't set.This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + "namespace_selector": schema.SingleNestedAttribute{ Description: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", MarkdownDescription: "A label query over the set of namespaces that the term applies to.The term is applied to the union of the namespaces selected by this fieldand the ones listed in the namespaces field.null selector and null or empty namespaces list means 'this pod's namespace'.An empty selector ({}) matches all namespaces.", @@ -16002,6 +17038,101 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d MarkdownDescription: "Files to mount under '/etc/pgbouncer'. When specified, settings in the'pgbouncer.ini' file are loaded before all others. From there, otherfiles may be included by absolute path. Changing these references causesPgBouncer to restart, but changes to the file contents are automaticallyreloaded.More info: https://www.pgbouncer.org/config.html#include-directive", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ + "cluster_trust_bundle": schema.SingleNestedAttribute{ + Description: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + MarkdownDescription: "ClusterTrustBundle allows a pod to access the '.spec.trustBundle' fieldof ClusterTrustBundle objects in an auto-updating file.Alpha, gated by the ClusterTrustBundleProjection feature gate.ClusterTrustBundle objects can either be selected by name, or by thecombination of signer name and a label selector.Kubelet performs aggressive normalization of the PEM contents writteninto the pod filesystem. Esoteric PEM features such as inter-blockcomments and block headers are stripped. Certificates are deduplicated.The ordering of certificates within the file is arbitrary, and Kubeletmay change the order over time.", + Attributes: map[string]schema.Attribute{ + "label_selector": schema.SingleNestedAttribute{ + Description: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + MarkdownDescription: "Select all ClusterTrustBundles that match this label selector. Only haseffect if signerName is set. Mutually-exclusive with name. If unset,interpreted as 'match nothing'. If set but empty, interpreted as 'matcheverything'.", + Attributes: map[string]schema.Attribute{ + "match_expressions": schema.ListNestedAttribute{ + Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + MarkdownDescription: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", + NestedObject: schema.NestedAttributeObject{ + Attributes: map[string]schema.Attribute{ + "key": schema.StringAttribute{ + Description: "key is the label key that the selector applies to.", + MarkdownDescription: "key is the label key that the selector applies to.", + Required: true, + Optional: false, + Computed: false, + }, + + "operator": schema.StringAttribute{ + Description: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + MarkdownDescription: "operator represents a key's relationship to a set of values.Valid operators are In, NotIn, Exists and DoesNotExist.", + Required: true, + Optional: false, + Computed: false, + }, + + "values": schema.ListAttribute{ + Description: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + MarkdownDescription: "values is an array of string values. If the operator is In or NotIn,the values array must be non-empty. If the operator is Exists or DoesNotExist,the values array must be empty. This array is replaced during a strategicmerge patch.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "match_labels": schema.MapAttribute{ + Description: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + MarkdownDescription: "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabelsmap is equivalent to an element of matchExpressions, whose key field is 'key', theoperator is 'In', and the values array contains only 'value'. The requirements are ANDed.", + ElementType: types.StringType, + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + + "name": schema.StringAttribute{ + Description: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + MarkdownDescription: "Select a single ClusterTrustBundle by object name. Mutually-exclusivewith signerName and labelSelector.", + Required: false, + Optional: true, + Computed: false, + }, + + "optional": schema.BoolAttribute{ + Description: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + MarkdownDescription: "If true, don't block pod startup if the referenced ClusterTrustBundle(s)aren't available. If using name, then the named ClusterTrustBundle isallowed not to exist. If using signerName, then the combination ofsignerName and labelSelector is allowed to match zeroClusterTrustBundles.", + Required: false, + Optional: true, + Computed: false, + }, + + "path": schema.StringAttribute{ + Description: "Relative path from the volume root to write the bundle.", + MarkdownDescription: "Relative path from the volume root to write the bundle.", + Required: true, + Optional: false, + Computed: false, + }, + + "signer_name": schema.StringAttribute{ + Description: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + MarkdownDescription: "Select all ClusterTrustBundles that match this signer name.Mutually-exclusive with name. The contents of all selectedClusterTrustBundles will be unified and deduplicated.", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "config_map": schema.SingleNestedAttribute{ Description: "configMap information about the configMap data to project", MarkdownDescription: "configMap information about the configMap data to project", @@ -16072,8 +17203,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "field_ref": schema.SingleNestedAttribute{ - Description: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", - MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.", + Description: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", + MarkdownDescription: "Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.", Attributes: map[string]schema.Attribute{ "api_version": schema.StringAttribute{ Description: "Version of the schema the FieldPath is written in terms of, defaults to 'v1'.", @@ -16524,6 +17655,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Description: "SecurityContext defines the security settings for PGBouncer pods.", MarkdownDescription: "SecurityContext defines the security settings for PGBouncer pods.", Attributes: map[string]schema.Attribute{ + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by the containers in this pod.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "fs_group": schema.Int64Attribute{ Description: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "A special supplemental group that applies to all containers in a pod.Some volume types allow the Kubelet to change the ownership of that volumeto be owned by the pod:1. The owning GID will be the FSGroup2. The setgid bit is set (new files created in the volume will be owned by FSGroup)3. The permission bits are OR'd with rw-rw----If unset, the Kubelet will not modify the ownership and permissions of any volume.Note that this field cannot be set when spec.os.name is windows.", @@ -17074,6 +18230,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -17194,6 +18367,23 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "sleep": schema.SingleNestedAttribute{ + Description: "Sleep represents the duration that the container should sleep before being terminated.", + MarkdownDescription: "Sleep represents the duration that the container should sleep before being terminated.", + Attributes: map[string]schema.Attribute{ + "seconds": schema.Int64Attribute{ + Description: "Seconds is the number of seconds to sleep.", + MarkdownDescription: "Seconds is the number of seconds to sleep.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "tcp_socket": schema.SingleNestedAttribute{ Description: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", MarkdownDescription: "Deprecated. TCPSocket is NOT supported as a LifecycleHandler and keptfor the backward compatibility. There are no validation of this field andlifecycle hooks will fail in runtime when tcp handler is specified.", @@ -17767,6 +18957,31 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "app_armor_profile": schema.SingleNestedAttribute{ + Description: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + MarkdownDescription: "appArmorProfile is the AppArmor options to use by this container. If set, this profileoverrides the pod's appArmorProfile.Note that this field cannot be set when spec.os.name is windows.", + Attributes: map[string]schema.Attribute{ + "localhost_profile": schema.StringAttribute{ + Description: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + MarkdownDescription: "localhostProfile indicates a profile loaded on the node that should be used.The profile must be preconfigured on the node to work.Must match the loaded name of the profile.Must be set if and only if type is 'Localhost'.", + Required: false, + Optional: true, + Computed: false, + }, + + "type": schema.StringAttribute{ + Description: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + MarkdownDescription: "type indicates which kind of AppArmor profile will be applied.Valid options are: Localhost - a profile pre-loaded on the node. RuntimeDefault - the container runtime's default profile. Unconfined - no AppArmor enforcement.", + Required: true, + Optional: false, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "capabilities": schema.SingleNestedAttribute{ Description: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", MarkdownDescription: "The capabilities to add/drop when running containers.Defaults to the default set of capabilities granted by the container runtime.Note that this field cannot be set when spec.os.name is windows.", @@ -18228,8 +19443,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "mount_propagation": schema.StringAttribute{ - Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", - MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.", + Description: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", + MarkdownDescription: "mountPropagation determines how mounts are propagated from the hostto container and the other way around.When not set, MountPropagationNone is used.This field is beta in 1.10.When RecursiveReadOnly is set to IfPossible or to Enabled, MountPropagation must be None or unspecified(which defaults to None).", Required: false, Optional: true, Computed: false, @@ -18251,6 +19466,14 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d Computed: false, }, + "recursive_read_only": schema.StringAttribute{ + Description: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + MarkdownDescription: "RecursiveReadOnly specifies whether read-only mounts should be handledrecursively.If ReadOnly is false, this field has no meaning and must be unspecified.If ReadOnly is true, and this field is set to Disabled, the mount is not maderecursively read-only. If this field is set to IfPossible, the mount is maderecursively read-only, if it is supported by the container runtime. If thisfield is set to Enabled, the mount is made recursively read-only if it issupported by the container runtime, otherwise the pod will not be started andan error will be generated to indicate the reason.If this field is set to IfPossible or Enabled, MountPropagation must be set toNone (or be unspecified, which defaults to None).If this field is not specified, it is treated as an equivalent of Disabled.", + Required: false, + Optional: true, + Computed: false, + }, + "sub_path": schema.StringAttribute{ Description: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", MarkdownDescription: "Path within the volume from which the container's volume should be mounted.Defaults to '' (volume's root).", @@ -18415,8 +19638,8 @@ func (r *Pgv2PerconaComPerconaPgclusterV2Manifest) Schema(_ context.Context, _ d }, "min_domains": schema.Int64Attribute{ - Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", - MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default).", + Description: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", + MarkdownDescription: "MinDomains indicates a minimum number of eligible domains.When the number of eligible domains with matching topology keys is less than minDomains,Pod Topology Spread treats 'global minimum' as 0, and then the calculation of Skew is performed.And when the number of eligible domains with matching topology keys equals or greater than minDomains,this value has no effect on scheduling.As a result, when the number of eligible domains is less than minDomains,scheduler won't schedule more than maxSkew Pods to those domains.If value is nil, the constraint behaves as if MinDomains is equal to 1.Valid values are integers greater than 0.When value is not nil, WhenUnsatisfiable must be DoNotSchedule.For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the samelabelSelector spread as 2/2/2:| zone1 | zone2 | zone3 || P P | P P | P P |The number of domains is less than 5(MinDomains), so 'global minimum' is treated as 0.In this situation, new pod with the same labelSelector cannot be scheduled,because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones,it will violate MaxSkew.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/provider_data_sources.go b/internal/provider/provider_data_sources.go index 01ca98e8a..f7449d8b8 100644 --- a/internal/provider/provider_data_sources.go +++ b/internal/provider/provider_data_sources.go @@ -218,6 +218,7 @@ import ( "github.com/metio/terraform-provider-k8s/internal/provider/groupsnapshot_storage_k8s_io_v1alpha1" "github.com/metio/terraform-provider-k8s/internal/provider/hazelcast_com_v1alpha1" "github.com/metio/terraform-provider-k8s/internal/provider/helm_sigstore_dev_v1alpha1" + "github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2" "github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2beta1" "github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2beta2" "github.com/metio/terraform-provider-k8s/internal/provider/hive_openshift_io_v1" @@ -1962,6 +1963,8 @@ func allDataSources() []func() datasource.DataSource { hazelcast_com_v1alpha1.NewHazelcastComWanReplicationV1Alpha1Manifest, // helm_sigstore_dev_v1alpha1.NewHelmSigstoreDevRekorV1Alpha1DataSource, helm_sigstore_dev_v1alpha1.NewHelmSigstoreDevRekorV1Alpha1Manifest, + // helm_toolkit_fluxcd_io_v2.NewHelmToolkitFluxcdIoHelmReleaseV2DataSource, + helm_toolkit_fluxcd_io_v2.NewHelmToolkitFluxcdIoHelmReleaseV2Manifest, // helm_toolkit_fluxcd_io_v2beta1.NewHelmToolkitFluxcdIoHelmReleaseV2Beta1DataSource, helm_toolkit_fluxcd_io_v2beta1.NewHelmToolkitFluxcdIoHelmReleaseV2Beta1Manifest, // helm_toolkit_fluxcd_io_v2beta2.NewHelmToolkitFluxcdIoHelmReleaseV2Beta2DataSource, diff --git a/internal/provider/provider_resources.go b/internal/provider/provider_resources.go index e66a096ad..d40a873ed 100644 --- a/internal/provider/provider_resources.go +++ b/internal/provider/provider_resources.go @@ -218,6 +218,7 @@ import ( //"github.com/metio/terraform-provider-k8s/internal/provider/groupsnapshot_storage_k8s_io_v1alpha1" //"github.com/metio/terraform-provider-k8s/internal/provider/hazelcast_com_v1alpha1" //"github.com/metio/terraform-provider-k8s/internal/provider/helm_sigstore_dev_v1alpha1" + //"github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2" //"github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2beta1" //"github.com/metio/terraform-provider-k8s/internal/provider/helm_toolkit_fluxcd_io_v2beta2" //"github.com/metio/terraform-provider-k8s/internal/provider/hive_openshift_io_v1" @@ -1242,6 +1243,7 @@ func allResources() []func() resource.Resource { //hazelcast_com_v1alpha1.NewHazelcastComMapV1Alpha1Resource, //hazelcast_com_v1alpha1.NewHazelcastComWanReplicationV1Alpha1Resource, //helm_sigstore_dev_v1alpha1.NewHelmSigstoreDevRekorV1Alpha1Resource, + //helm_toolkit_fluxcd_io_v2.NewHelmToolkitFluxcdIoHelmReleaseV2Resource, //helm_toolkit_fluxcd_io_v2beta1.NewHelmToolkitFluxcdIoHelmReleaseV2Beta1Resource, //helm_toolkit_fluxcd_io_v2beta2.NewHelmToolkitFluxcdIoHelmReleaseV2Beta2Resource, //hive_openshift_io_v1.NewHiveOpenshiftIoCheckpointV1Resource, diff --git a/internal/provider/scylla_scylladb_com_v1/scylla_scylladb_com_scylla_cluster_v1_manifest.go b/internal/provider/scylla_scylladb_com_v1/scylla_scylladb_com_scylla_cluster_v1_manifest.go index d5388c34f..864217905 100644 --- a/internal/provider/scylla_scylladb_com_v1/scylla_scylladb_com_scylla_cluster_v1_manifest.go +++ b/internal/provider/scylla_scylladb_com_v1/scylla_scylladb_com_scylla_cluster_v1_manifest.go @@ -874,8 +874,8 @@ func (r *ScyllaScylladbComScyllaClusterV1Manifest) Schema(_ context.Context, _ d }, "interval": schema.StringAttribute{ - Description: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s.", - MarkdownDescription: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s.", + Description: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead.", + MarkdownDescription: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead.", Required: false, Optional: true, Computed: false, @@ -4666,8 +4666,8 @@ func (r *ScyllaScylladbComScyllaClusterV1Manifest) Schema(_ context.Context, _ d }, "interval": schema.StringAttribute{ - Description: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s.", - MarkdownDescription: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s.", + Description: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead.", + MarkdownDescription: "interval represents a task schedule interval e.g. 3d2h10m, valid units are d, h, m, s. Deprecated: please use cron instead.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.go b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.go index e42e2ab14..278e405c0 100644 --- a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.go +++ b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest.go @@ -380,19 +380,19 @@ func (r *SecretsHashicorpComHcpvaultSecretsAppV1Beta1Manifest) Schema(_ context. NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Kind of the resource", + MarkdownDescription: "Kind of the resource", Required: true, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet"), + stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet", "argo.Rollout"), }, }, "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Name of the resource", + MarkdownDescription: "Name of the resource", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.go b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.go index 8d5af11c0..2f0597aaa 100644 --- a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.go +++ b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest.go @@ -444,19 +444,19 @@ func (r *SecretsHashicorpComVaultDynamicSecretV1Beta1Manifest) Schema(_ context. NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Kind of the resource", + MarkdownDescription: "Kind of the resource", Required: true, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet"), + stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet", "argo.Rollout"), }, }, "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Name of the resource", + MarkdownDescription: "Name of the resource", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.go b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.go index f59792f2f..7102243a6 100644 --- a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.go +++ b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest.go @@ -495,19 +495,19 @@ func (r *SecretsHashicorpComVaultPkisecretV1Beta1Manifest) Schema(_ context.Cont NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Kind of the resource", + MarkdownDescription: "Kind of the resource", Required: true, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet"), + stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet", "argo.Rollout"), }, }, "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Name of the resource", + MarkdownDescription: "Name of the resource", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.go b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.go index 2013d4b5b..4752d799c 100644 --- a/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.go +++ b/internal/provider/secrets_hashicorp_com_v1beta1/secrets_hashicorp_com_vault_static_secret_v1beta1_manifest.go @@ -402,19 +402,19 @@ func (r *SecretsHashicorpComVaultStaticSecretV1Beta1Manifest) Schema(_ context.C NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "kind": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Kind of the resource", + MarkdownDescription: "Kind of the resource", Required: true, Optional: false, Computed: false, Validators: []validator.String{ - stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet"), + stringvalidator.OneOf("Deployment", "DaemonSet", "StatefulSet", "argo.Rollout"), }, }, "name": schema.StringAttribute{ - Description: "", - MarkdownDescription: "", + Description: "Name of the resource", + MarkdownDescription: "Name of the resource", Required: true, Optional: false, Computed: false, diff --git a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go index b87c589eb..f81c4e29c 100644 --- a/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go +++ b/internal/provider/sonataflow_org_v1alpha08/sonataflow_org_sonata_flow_v1alpha08_manifest.go @@ -726,7 +726,8 @@ type SonataflowOrgSonataFlowV1Alpha08ManifestData struct { } `tfsdk:"volume_mounts" json:"volumeMounts,omitempty"` WorkingDir *string `tfsdk:"working_dir" json:"workingDir,omitempty"` } `tfsdk:"containers" json:"containers,omitempty"` - DnsConfig *struct { + DeploymentModel *string `tfsdk:"deployment_model" json:"deploymentModel,omitempty"` + DnsConfig *struct { Nameservers *[]string `tfsdk:"nameservers" json:"nameservers,omitempty"` Options *[]struct { Name *string `tfsdk:"name" json:"name,omitempty"` @@ -6009,6 +6010,17 @@ func (r *SonataflowOrgSonataFlowV1Alpha08Manifest) Schema(_ context.Context, _ d Computed: false, }, + "deployment_model": schema.StringAttribute{ + Description: "Defines the kind of deployment model for this pod spec. In dev profile, only 'kubernetes' is valid.", + MarkdownDescription: "Defines the kind of deployment model for this pod spec. In dev profile, only 'kubernetes' is valid.", + Required: false, + Optional: true, + Computed: false, + Validators: []validator.String{ + stringvalidator.OneOf("kubernetes", "knative"), + }, + }, + "dns_config": schema.SingleNestedAttribute{ Description: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", MarkdownDescription: "Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy.", @@ -7820,8 +7832,8 @@ func (r *SonataflowOrgSonataFlowV1Alpha08Manifest) Schema(_ context.Context, _ d }, "replicas": schema.Int64Attribute{ - Description: "", - MarkdownDescription: "", + Description: "Replicas define the number of pods to start by default for this deployment model. Ignored in 'knative' deployment model.", + MarkdownDescription: "Replicas define the number of pods to start by default for this deployment model. Ignored in 'knative' deployment model.", Required: false, Optional: true, Computed: false, diff --git a/internal/provider/templates_gatekeeper_sh_v1/templates_gatekeeper_sh_constraint_template_v1_manifest.go b/internal/provider/templates_gatekeeper_sh_v1/templates_gatekeeper_sh_constraint_template_v1_manifest.go index 3181aa3c2..e738a260d 100644 --- a/internal/provider/templates_gatekeeper_sh_v1/templates_gatekeeper_sh_constraint_template_v1_manifest.go +++ b/internal/provider/templates_gatekeeper_sh_v1/templates_gatekeeper_sh_constraint_template_v1_manifest.go @@ -207,8 +207,8 @@ func (r *TemplatesGatekeeperShConstraintTemplateV1Manifest) Schema(_ context.Con NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "code": schema.ListNestedAttribute{ - Description: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", - MarkdownDescription: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", + Description: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", + MarkdownDescription: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "engine": schema.StringAttribute{ diff --git a/internal/provider/templates_gatekeeper_sh_v1alpha1/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.go b/internal/provider/templates_gatekeeper_sh_v1alpha1/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.go index 27b60a281..4ab6a28f9 100644 --- a/internal/provider/templates_gatekeeper_sh_v1alpha1/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.go +++ b/internal/provider/templates_gatekeeper_sh_v1alpha1/templates_gatekeeper_sh_constraint_template_v1alpha1_manifest.go @@ -207,8 +207,8 @@ func (r *TemplatesGatekeeperShConstraintTemplateV1Alpha1Manifest) Schema(_ conte NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "code": schema.ListNestedAttribute{ - Description: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", - MarkdownDescription: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", + Description: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", + MarkdownDescription: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "engine": schema.StringAttribute{ diff --git a/internal/provider/templates_gatekeeper_sh_v1beta1/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.go b/internal/provider/templates_gatekeeper_sh_v1beta1/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.go index 490c9eacd..2e0a22762 100644 --- a/internal/provider/templates_gatekeeper_sh_v1beta1/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.go +++ b/internal/provider/templates_gatekeeper_sh_v1beta1/templates_gatekeeper_sh_constraint_template_v1beta1_manifest.go @@ -207,8 +207,8 @@ func (r *TemplatesGatekeeperShConstraintTemplateV1Beta1Manifest) Schema(_ contex NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "code": schema.ListNestedAttribute{ - Description: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", - MarkdownDescription: "The source code options for the constraint template. 'Rego' can only be specified in one place (either here or in the 'rego' field)", + Description: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", + MarkdownDescription: "The source code options for the constraint template. 'Rego' can onlybe specified in one place (either here or in the 'rego' field)", NestedObject: schema.NestedAttributeObject{ Attributes: map[string]schema.Attribute{ "engine": schema.StringAttribute{ diff --git a/internal/provider/tempo_grafana_com_v1alpha1/tempo_grafana_com_tempo_stack_v1alpha1_manifest.go b/internal/provider/tempo_grafana_com_v1alpha1/tempo_grafana_com_tempo_stack_v1alpha1_manifest.go index fc84f33cd..7a2a8a326 100644 --- a/internal/provider/tempo_grafana_com_v1alpha1/tempo_grafana_com_tempo_stack_v1alpha1_manifest.go +++ b/internal/provider/tempo_grafana_com_v1alpha1/tempo_grafana_com_tempo_stack_v1alpha1_manifest.go @@ -52,6 +52,7 @@ type TempoGrafanaComTempoStackV1Alpha1ManifestData struct { } `tfsdk:"memberlist" json:"memberlist,omitempty"` } `tfsdk:"hash_ring" json:"hashRing,omitempty"` Images *struct { + OauthProxy *string `tfsdk:"oauth_proxy" json:"oauthProxy,omitempty"` Tempo *string `tfsdk:"tempo" json:"tempo,omitempty"` TempoGateway *string `tfsdk:"tempo_gateway" json:"tempoGateway,omitempty"` TempoGatewayOpa *string `tfsdk:"tempo_gateway_opa" json:"tempoGatewayOpa,omitempty"` @@ -276,6 +277,10 @@ type TempoGrafanaComTempoStackV1Alpha1ManifestData struct { } `tfsdk:"tolerations" json:"tolerations,omitempty"` } `tfsdk:"component" json:"component,omitempty"` JaegerQuery *struct { + Authentication *struct { + Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` + Sar *string `tfsdk:"sar" json:"sar,omitempty"` + } `tfsdk:"authentication" json:"authentication,omitempty"` Enabled *bool `tfsdk:"enabled" json:"enabled,omitempty"` Ingress *struct { Annotations *map[string]string `tfsdk:"annotations" json:"annotations,omitempty"` @@ -461,6 +466,14 @@ func (r *TempoGrafanaComTempoStackV1Alpha1Manifest) Schema(_ context.Context, _ Description: "Images defines the image for each container.", MarkdownDescription: "Images defines the image for each container.", Attributes: map[string]schema.Attribute{ + "oauth_proxy": schema.StringAttribute{ + Description: "OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant.", + MarkdownDescription: "OauthProxy defines the oauth proxy image used to protect the jaegerUI on single tenant.", + Required: false, + Optional: true, + Computed: false, + }, + "tempo": schema.StringAttribute{ Description: "Tempo defines the tempo container image.", MarkdownDescription: "Tempo defines the tempo container image.", @@ -1940,6 +1953,31 @@ func (r *TempoGrafanaComTempoStackV1Alpha1Manifest) Schema(_ context.Context, _ Description: "JaegerQuery defines options specific to the Jaeger Query component.", MarkdownDescription: "JaegerQuery defines options specific to the Jaeger Query component.", Attributes: map[string]schema.Attribute{ + "authentication": schema.SingleNestedAttribute{ + Description: "Oauth defines the options for the oauth proxy used to protect jaeger UI", + MarkdownDescription: "Oauth defines the options for the oauth proxy used to protect jaeger UI", + Attributes: map[string]schema.Attribute{ + "enabled": schema.BoolAttribute{ + Description: "Defines if the authentication will be enabled for jaeger UI.", + MarkdownDescription: "Defines if the authentication will be enabled for jaeger UI.", + Required: false, + Optional: true, + Computed: false, + }, + + "sar": schema.StringAttribute{ + Description: "SAR defines the SAR to be used in the oauth-proxy default is '{'namespace': '', 'resource': 'pods', 'verb': 'get'}", + MarkdownDescription: "SAR defines the SAR to be used in the oauth-proxy default is '{'namespace': '', 'resource': 'pods', 'verb': 'get'}", + Required: false, + Optional: true, + Computed: false, + }, + }, + Required: false, + Optional: true, + Computed: false, + }, + "enabled": schema.BoolAttribute{ Description: "Enabled defines if the Jaeger Query component should be created.", MarkdownDescription: "Enabled defines if the Jaeger Query component should be created.", diff --git a/schemas/openapi_v2/kubernetes/kubernetes/swagger.json b/schemas/openapi_v2/kubernetes/kubernetes/swagger.json index d4c8e7d04..9336642f0 100644 --- a/schemas/openapi_v2/kubernetes/kubernetes/swagger.json +++ b/schemas/openapi_v2/kubernetes/kubernetes/swagger.json @@ -2836,7 +2836,7 @@ }, "persistentVolumeClaimRetentionPolicy": { "$ref": "#/definitions/io.k8s.api.apps.v1.StatefulSetPersistentVolumeClaimRetentionPolicy", - "description": "persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent volume claims created from volumeClaimTemplates. By default, all persistent volume claims are created as needed and retained until manually deleted. This policy allows the lifecycle to be altered, for example by deleting persistent volume claims when their stateful set is deleted, or when their pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, which is alpha. +optional" + "description": "persistentVolumeClaimRetentionPolicy describes the lifecycle of persistent volume claims created from volumeClaimTemplates. By default, all persistent volume claims are created as needed and retained until manually deleted. This policy allows the lifecycle to be altered, for example by deleting persistent volume claims when their stateful set is deleted, or when their pod is scaled down. This requires the StatefulSetAutoDeletePVC feature gate to be enabled, which is beta." }, "podManagementPolicy": { "description": "podManagementPolicy controls how pods are created during initial scale up, when replacing pods on nodes, or when scaling down. The default policy is `OrderedReady`, where pods are created in increasing order (pod-0, then pod-1, etc) and the controller will wait until each pod is ready before continuing. When scaling down, the pods are removed in the opposite order. The alternative policy is `Parallel` which will create pods in parallel to match the desired scale without waiting, and on scale down will delete all pods at once.", @@ -8476,7 +8476,7 @@ "type": "string" }, "kubeProxyVersion": { - "description": "KubeProxy Version reported by the node.", + "description": "Deprecated: KubeProxy Version reported by the node.", "type": "string" }, "kubeletVersion": { diff --git a/templates/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md.tmpl b/templates/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md.tmpl new file mode 100644 index 000000000..2404f4837 --- /dev/null +++ b/templates/data-sources/helm_toolkit_fluxcd_io_helm_release_v2_manifest.md.tmpl @@ -0,0 +1,19 @@ +--- +# generated by https://github.com/hashicorp/terraform-plugin-docs +page_title: "{{.Name}} {{.Type}} - {{.ProviderName}}" +subcategory: "helm.toolkit.fluxcd.io" +description: |- +{{ .Description | plainmarkdown | trimspace | prefixlines " " }} +--- + +# {{.Name}} ({{.Type}}) + +{{ .Description | trimspace }} + +{{ if .HasExample -}} +## Example Usage + +{{ tffile (printf "examples/data-sources/%s/data-source.tf" .Name)}} +{{- end }} + +{{ .SchemaMarkdown | trimspace }} diff --git a/terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go b/terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go new file mode 100644 index 000000000..bc2ea3b5b --- /dev/null +++ b/terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go @@ -0,0 +1,36 @@ +/* + * SPDX-FileCopyrightText: The terraform-provider-k8s Authors + * SPDX-License-Identifier: 0BSD + */ + +package helm_toolkit_fluxcd_io_v2 + +import ( + "fmt" + "github.com/gruntwork-io/terratest/modules/terraform" + "github.com/stretchr/testify/assert" + "os" + "testing" +) + +func TestHelmToolkitFluxcdIoHelmReleaseV2Manifest(t *testing.T) { + path := "../../examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest" + + terraformOptions := terraform.WithDefaultRetryableErrors(t, &terraform.Options{ + TerraformDir: path, + NoColor: true, + }) + + defer os.RemoveAll(path + "/.terraform.lock.hcl") + defer os.RemoveAll(path + "/terraform.tfstate") + defer os.RemoveAll(path + "/terraform.tfstate.backup") + defer os.RemoveAll(path + "/.terraform") + + defer terraform.Destroy(t, terraformOptions) + terraform.InitAndApplyAndIdempotent(t, terraformOptions) + + outputMap := terraform.OutputMap(t, terraformOptions, "manifests") + for key, value := range outputMap { + assert.NotEmpty(t, value, fmt.Sprintf("data %s.%s did not produce an output", "k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest", key)) + } +} diff --git a/terratests.mk b/terratests.mk index 4e2a68428..a81730e25 100644 --- a/terratests.mk +++ b/terratests.mk @@ -2881,6 +2881,10 @@ out/terratest-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go: out/in mkdir --parents $(@D) go test -timeout=120s ./terratest/helm_sigstore_dev_v1alpha1/helm_sigstore_dev_rekor_v1alpha1_manifest_test.go touch $@ +out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go: out/install-sentinel terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go $(shell find ./examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2_manifest -type f -name '*.tf') + mkdir --parents $(@D) + go test -timeout=120s ./terratest/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go + touch $@ out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go: out/install-sentinel terratest/helm_toolkit_fluxcd_io_v2beta1/helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go $(shell find ./examples/data-sources/k8s_helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest -type f -name '*.tf') mkdir --parents $(@D) go test -timeout=120s ./terratest/helm_toolkit_fluxcd_io_v2beta1/helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go @@ -6668,4 +6672,4 @@ out/terratest-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_t .PHONY: terratests -terratests: out/terratest-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/terratest-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/terratest-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/terratest-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/terratest-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/terratest-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/terratest-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/terratest-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/terratest-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/terratest-sentinel-apps_daemon_set_v1_manifest_test.go out/terratest-sentinel-apps_deployment_v1_manifest_test.go out/terratest-sentinel-apps_replica_set_v1_manifest_test.go out/terratest-sentinel-apps_stateful_set_v1_manifest_test.go out/terratest-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/terratest-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/terratest-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/terratest-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/terratest-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-batch_cron_job_v1_manifest_test.go out/terratest-sentinel-batch_job_v1_manifest_test.go out/terratest-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/terratest-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/terratest-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/terratest-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/terratest-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/terratest-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/terratest-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/terratest-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/terratest-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_build_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/terratest-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/terratest-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/terratest-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/terratest-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/terratest-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/terratest-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/terratest-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/terratest-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/terratest-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/terratest-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/terratest-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/terratest-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/terratest-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/terratest-sentinel-config_map_v1_manifest_test.go out/terratest-sentinel-endpoints_v1_manifest_test.go out/terratest-sentinel-limit_range_v1_manifest_test.go out/terratest-sentinel-namespace_v1_manifest_test.go out/terratest-sentinel-persistent_volume_claim_v1_manifest_test.go out/terratest-sentinel-persistent_volume_v1_manifest_test.go out/terratest-sentinel-pod_v1_manifest_test.go out/terratest-sentinel-replication_controller_v1_manifest_test.go out/terratest-sentinel-secret_v1_manifest_test.go out/terratest-sentinel-service_account_v1_manifest_test.go out/terratest-sentinel-service_v1_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/terratest-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/terratest-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/terratest-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/terratest-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/terratest-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/terratest-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/terratest-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/terratest-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/terratest-sentinel-events_k8s_io_event_v1_manifest_test.go out/terratest-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/terratest-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/terratest-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/terratest-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/terratest-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/terratest-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/terratest-sentinel-fossul_io_backup_config_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_v1_manifest_test.go out/terratest-sentinel-fossul_io_fossul_v1_manifest_test.go out/terratest-sentinel-fossul_io_restore_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/terratest-sentinel-getambassador_io_host_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_module_v2_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/terratest-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/terratest-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/terratest-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/terratest-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/terratest-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/terratest-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/terratest-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/terratest-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/terratest-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/terratest-sentinel-instana_io_instana_agent_v1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/terratest-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/terratest-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/terratest-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/terratest-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/terratest-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/terratest-sentinel-k8up_io_archive_v1_manifest_test.go out/terratest-sentinel-k8up_io_backup_v1_manifest_test.go out/terratest-sentinel-k8up_io_check_v1_manifest_test.go out/terratest-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/terratest-sentinel-k8up_io_prune_v1_manifest_test.go out/terratest-sentinel-k8up_io_restore_v1_manifest_test.go out/terratest-sentinel-k8up_io_schedule_v1_manifest_test.go out/terratest-sentinel-k8up_io_snapshot_v1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/terratest-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/terratest-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/terratest-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/terratest-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/terratest-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/terratest-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/terratest-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/terratest-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/terratest-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/terratest-sentinel-minio_min_io_tenant_v2_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/terratest-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/terratest-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/terratest-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/terratest-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/terratest-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/terratest-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/terratest-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/terratest-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/terratest-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/terratest-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/terratest-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/terratest-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/terratest-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/terratest-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/terratest-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/terratest-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/terratest-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/terratest-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/terratest-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/terratest-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/terratest-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/terratest-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/terratest-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/terratest-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/terratest-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/terratest-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/terratest-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/terratest-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/terratest-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v3_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/terratest-sentinel-theketch_io_app_v1beta1_manifest_test.go out/terratest-sentinel-theketch_io_job_v1beta1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/terratest-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/terratest-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/terratest-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/terratest-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/terratest-sentinel-velero_io_backup_repository_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/terratest-sentinel-velero_io_download_request_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_schedule_v1_manifest_test.go out/terratest-sentinel-velero_io_server_status_request_v1_manifest_test.go out/terratest-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/terratest-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/terratest-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/terratest-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go ## run all terratest tests +terratests: out/terratest-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/terratest-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/terratest-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/terratest-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/terratest-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/terratest-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/terratest-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/terratest-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/terratest-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/terratest-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/terratest-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/terratest-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/terratest-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/terratest-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/terratest-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/terratest-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/terratest-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/terratest-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/terratest-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/terratest-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/terratest-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/terratest-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/terratest-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/terratest-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/terratest-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/terratest-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/terratest-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/terratest-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/terratest-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/terratest-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/terratest-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/terratest-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/terratest-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/terratest-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/terratest-sentinel-apps_daemon_set_v1_manifest_test.go out/terratest-sentinel-apps_deployment_v1_manifest_test.go out/terratest-sentinel-apps_replica_set_v1_manifest_test.go out/terratest-sentinel-apps_stateful_set_v1_manifest_test.go out/terratest-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/terratest-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/terratest-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/terratest-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/terratest-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/terratest-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/terratest-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/terratest-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/terratest-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/terratest-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/terratest-sentinel-batch_cron_job_v1_manifest_test.go out/terratest-sentinel-batch_job_v1_manifest_test.go out/terratest-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/terratest-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/terratest-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/terratest-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/terratest-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/terratest-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/terratest-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/terratest-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/terratest-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/terratest-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/terratest-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/terratest-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_build_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_integration_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/terratest-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/terratest-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/terratest-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/terratest-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/terratest-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/terratest-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/terratest-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/terratest-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/terratest-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/terratest-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/terratest-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/terratest-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/terratest-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/terratest-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/terratest-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/terratest-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/terratest-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/terratest-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/terratest-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/terratest-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/terratest-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/terratest-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/terratest-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/terratest-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/terratest-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/terratest-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/terratest-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/terratest-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/terratest-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/terratest-sentinel-config_map_v1_manifest_test.go out/terratest-sentinel-endpoints_v1_manifest_test.go out/terratest-sentinel-limit_range_v1_manifest_test.go out/terratest-sentinel-namespace_v1_manifest_test.go out/terratest-sentinel-persistent_volume_claim_v1_manifest_test.go out/terratest-sentinel-persistent_volume_v1_manifest_test.go out/terratest-sentinel-pod_v1_manifest_test.go out/terratest-sentinel-replication_controller_v1_manifest_test.go out/terratest-sentinel-secret_v1_manifest_test.go out/terratest-sentinel-service_account_v1_manifest_test.go out/terratest-sentinel-service_v1_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/terratest-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/terratest-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/terratest-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/terratest-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/terratest-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/terratest-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/terratest-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/terratest-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/terratest-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/terratest-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/terratest-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/terratest-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/terratest-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/terratest-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/terratest-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/terratest-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/terratest-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/terratest-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/terratest-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/terratest-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/terratest-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/terratest-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/terratest-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/terratest-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/terratest-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/terratest-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/terratest-sentinel-events_k8s_io_event_v1_manifest_test.go out/terratest-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/terratest-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/terratest-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/terratest-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/terratest-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/terratest-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/terratest-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/terratest-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/terratest-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/terratest-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/terratest-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/terratest-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/terratest-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/terratest-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/terratest-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/terratest-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/terratest-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/terratest-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/terratest-sentinel-fossul_io_backup_config_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/terratest-sentinel-fossul_io_backup_v1_manifest_test.go out/terratest-sentinel-fossul_io_fossul_v1_manifest_test.go out/terratest-sentinel-fossul_io_restore_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/terratest-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/terratest-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/terratest-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/terratest-sentinel-getambassador_io_host_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_module_v2_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/terratest-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/terratest-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/terratest-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/terratest-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/terratest-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/terratest-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/terratest-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/terratest-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/terratest-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/terratest-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/terratest-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/terratest-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/terratest-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/terratest-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/terratest-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/terratest-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/terratest-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/terratest-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/terratest-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/terratest-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/terratest-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/terratest-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/terratest-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/terratest-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/terratest-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/terratest-sentinel-instana_io_instana_agent_v1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/terratest-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/terratest-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/terratest-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/terratest-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/terratest-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/terratest-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/terratest-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/terratest-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/terratest-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/terratest-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/terratest-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/terratest-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/terratest-sentinel-k8up_io_archive_v1_manifest_test.go out/terratest-sentinel-k8up_io_backup_v1_manifest_test.go out/terratest-sentinel-k8up_io_check_v1_manifest_test.go out/terratest-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/terratest-sentinel-k8up_io_prune_v1_manifest_test.go out/terratest-sentinel-k8up_io_restore_v1_manifest_test.go out/terratest-sentinel-k8up_io_schedule_v1_manifest_test.go out/terratest-sentinel-k8up_io_snapshot_v1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/terratest-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/terratest-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/terratest-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/terratest-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/terratest-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/terratest-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/terratest-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/terratest-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/terratest-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/terratest-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/terratest-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/terratest-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/terratest-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/terratest-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/terratest-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/terratest-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/terratest-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/terratest-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/terratest-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/terratest-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/terratest-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/terratest-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/terratest-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/terratest-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/terratest-sentinel-kyverno_io_update_request_v2_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/terratest-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/terratest-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/terratest-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/terratest-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/terratest-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/terratest-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/terratest-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/terratest-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/terratest-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/terratest-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/terratest-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/terratest-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/terratest-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/terratest-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/terratest-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/terratest-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/terratest-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/terratest-sentinel-minio_min_io_tenant_v2_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/terratest-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/terratest-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/terratest-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/terratest-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/terratest-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/terratest-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/terratest-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/terratest-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/terratest-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/terratest-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/terratest-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/terratest-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/terratest-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/terratest-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/terratest-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/terratest-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/terratest-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/terratest-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/terratest-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/terratest-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/terratest-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/terratest-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/terratest-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/terratest-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/terratest-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/terratest-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/terratest-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/terratest-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/terratest-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/terratest-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/terratest-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/terratest-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/terratest-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/terratest-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/terratest-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/terratest-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/terratest-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/terratest-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/terratest-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/terratest-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/terratest-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/terratest-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/terratest-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/terratest-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/terratest-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/terratest-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/terratest-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/terratest-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/terratest-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/terratest-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1_manifest_test.go out/terratest-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/terratest-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/terratest-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/terratest-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/terratest-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/terratest-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/terratest-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/terratest-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/terratest-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/terratest-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/terratest-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/terratest-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/terratest-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/terratest-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/terratest-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/terratest-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/terratest-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/terratest-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/terratest-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/terratest-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/terratest-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/terratest-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/terratest-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/terratest-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/terratest-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/terratest-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/terratest-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/terratest-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/terratest-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/terratest-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/terratest-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/terratest-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/terratest-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/terratest-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/terratest-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/terratest-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/terratest-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/terratest-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/terratest-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/terratest-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/terratest-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/terratest-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/terratest-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/terratest-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/terratest-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/terratest-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/terratest-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/terratest-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/terratest-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/terratest-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/terratest-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/terratest-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/terratest-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/terratest-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/terratest-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/terratest-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/terratest-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/terratest-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/terratest-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v1_manifest_test.go out/terratest-sentinel-tests_testkube_io_script_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v2_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/terratest-sentinel-tests_testkube_io_test_v3_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/terratest-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/terratest-sentinel-theketch_io_app_v1beta1_manifest_test.go out/terratest-sentinel-theketch_io_job_v1beta1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/terratest-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/terratest-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/terratest-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/terratest-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/terratest-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/terratest-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/terratest-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/terratest-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/terratest-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/terratest-sentinel-velero_io_backup_repository_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/terratest-sentinel-velero_io_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/terratest-sentinel-velero_io_download_request_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/terratest-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_restore_v1_manifest_test.go out/terratest-sentinel-velero_io_schedule_v1_manifest_test.go out/terratest-sentinel-velero_io_server_status_request_v1_manifest_test.go out/terratest-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/terratest-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/terratest-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/terratest-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/terratest-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/terratest-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/terratest-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/terratest-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/terratest-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/terratest-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/terratest-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/terratest-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go ## run all terratest tests diff --git a/tests.mk b/tests.mk index dfee81cb8..43a8aa962 100644 --- a/tests.mk +++ b/tests.mk @@ -2881,6 +2881,10 @@ out/test-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go: ./internal/ mkdir --parents $(@D) go test ./internal/provider/helm_sigstore_dev_v1alpha1/helm_sigstore_dev_rekor_v1alpha1_manifest_test.go touch $@ +out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go: ./internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest.go ./internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go + mkdir --parents $(@D) + go test ./internal/provider/helm_toolkit_fluxcd_io_v2/helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go + touch $@ out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go: ./internal/provider/helm_toolkit_fluxcd_io_v2beta1/helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest.go ./internal/provider/helm_toolkit_fluxcd_io_v2beta1/helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go mkdir --parents $(@D) go test ./internal/provider/helm_toolkit_fluxcd_io_v2beta1/helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go @@ -6668,4 +6672,4 @@ out/test-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.g .PHONY: tests -tests: out/test-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/test-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/test-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/test-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/test-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/test-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/test-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/test-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/test-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/test-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/test-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/test-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/test-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/test-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/test-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/test-sentinel-apps_daemon_set_v1_manifest_test.go out/test-sentinel-apps_deployment_v1_manifest_test.go out/test-sentinel-apps_replica_set_v1_manifest_test.go out/test-sentinel-apps_stateful_set_v1_manifest_test.go out/test-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/test-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/test-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/test-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/test-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/test-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/test-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/test-sentinel-batch_cron_job_v1_manifest_test.go out/test-sentinel-batch_job_v1_manifest_test.go out/test-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/test-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/test-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/test-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/test-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/test-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/test-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/test-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/test-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/test-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/test-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_build_v1_manifest_test.go out/test-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/test-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/test-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/test-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/test-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/test-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/test-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/test-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/test-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/test-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/test-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/test-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/test-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/test-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/test-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/test-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/test-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/test-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/test-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/test-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/test-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/test-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/test-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/test-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/test-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/test-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/test-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/test-sentinel-config_map_v1_manifest_test.go out/test-sentinel-endpoints_v1_manifest_test.go out/test-sentinel-limit_range_v1_manifest_test.go out/test-sentinel-namespace_v1_manifest_test.go out/test-sentinel-persistent_volume_claim_v1_manifest_test.go out/test-sentinel-persistent_volume_v1_manifest_test.go out/test-sentinel-pod_v1_manifest_test.go out/test-sentinel-replication_controller_v1_manifest_test.go out/test-sentinel-secret_v1_manifest_test.go out/test-sentinel-service_account_v1_manifest_test.go out/test-sentinel-service_v1_manifest_test.go out/test-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/test-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/test-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/test-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/test-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/test-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/test-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/test-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/test-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/test-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/test-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/test-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/test-sentinel-events_k8s_io_event_v1_manifest_test.go out/test-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/test-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/test-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/test-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/test-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/test-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/test-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/test-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/test-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/test-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/test-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/test-sentinel-fossul_io_backup_config_v1_manifest_test.go out/test-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/test-sentinel-fossul_io_backup_v1_manifest_test.go out/test-sentinel-fossul_io_fossul_v1_manifest_test.go out/test-sentinel-fossul_io_restore_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/test-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_module_v1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/test-sentinel-getambassador_io_host_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_log_service_v2_manifest_test.go out/test-sentinel-getambassador_io_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_module_v2_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/test-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/test-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/test-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/test-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/test-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/test-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/test-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/test-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/test-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/test-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/test-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/test-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/test-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/test-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/test-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/test-sentinel-instana_io_instana_agent_v1_manifest_test.go out/test-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/test-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/test-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/test-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/test-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/test-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/test-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/test-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/test-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/test-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/test-sentinel-k8up_io_archive_v1_manifest_test.go out/test-sentinel-k8up_io_backup_v1_manifest_test.go out/test-sentinel-k8up_io_check_v1_manifest_test.go out/test-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/test-sentinel-k8up_io_prune_v1_manifest_test.go out/test-sentinel-k8up_io_restore_v1_manifest_test.go out/test-sentinel-k8up_io_schedule_v1_manifest_test.go out/test-sentinel-k8up_io_snapshot_v1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/test-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/test-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/test-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/test-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/test-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/test-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/test-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/test-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/test-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/test-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/test-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/test-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/test-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/test-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/test-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/test-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/test-sentinel-minio_min_io_tenant_v2_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/test-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/test-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/test-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/test-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/test-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/test-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/test-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/test-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/test-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/test-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/test-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/test-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/test-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/test-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/test-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/test-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/test-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/test-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/test-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/test-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/test-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/test-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/test-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/test-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/test-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/test-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/test-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/test-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/test-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/test-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/test-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/test-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/test-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/test-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/test-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/test-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/test-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/test-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/test-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/test-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/test-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/test-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/test-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/test-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/test-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/test-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/test-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/test-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/test-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/test-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/test-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/test-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/test-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/test-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/test-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/test-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/test-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/test-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_v1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/test-sentinel-tests_testkube_io_test_v3_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/test-sentinel-theketch_io_app_v1beta1_manifest_test.go out/test-sentinel-theketch_io_job_v1beta1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/test-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/test-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/test-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/test-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/test-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/test-sentinel-velero_io_backup_repository_v1_manifest_test.go out/test-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/test-sentinel-velero_io_backup_v1_manifest_test.go out/test-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/test-sentinel-velero_io_download_request_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/test-sentinel-velero_io_restore_v1_manifest_test.go out/test-sentinel-velero_io_schedule_v1_manifest_test.go out/test-sentinel-velero_io_server_status_request_v1_manifest_test.go out/test-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/test-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/test-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/test-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/test-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/tools-tests-sentinel ## run the unit tests +tests: out/test-sentinel-about_k8s_io_cluster_property_v1alpha1_manifest_test.go out/test-sentinel-acid_zalan_do_operator_configuration_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgres_team_v1_manifest_test.go out/test-sentinel-acid_zalan_do_postgresql_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_challenge_v1_manifest_test.go out/test-sentinel-acme_cert_manager_io_order_v1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_activation_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_authority_v1alpha1_manifest_test.go out/test-sentinel-acmpca_services_k8s_aws_certificate_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_listener_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_autoscaling_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_github_com_ephemeral_runner_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_horizontal_runner_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_deployment_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_replica_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_set_v1alpha1_manifest_test.go out/test-sentinel-actions_summerwind_dev_runner_v1alpha1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha3_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1alpha4_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_binding_v1beta1_manifest_test.go out/test-sentinel-addons_cluster_x_k8s_io_cluster_resource_set_v1beta1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_mutating_webhook_configuration_v1_manifest_test.go out/test-sentinel-admissionregistration_k8s_io_validating_webhook_configuration_v1_manifest_test.go out/test-sentinel-agent_k8s_elastic_co_agent_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_aws_iam_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_bundles_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cloud_stack_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_cluster_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_control_plane_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_docker_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_eksa_release_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_flux_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_git_ops_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_machine_deployment_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_node_upgrade_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_nutanix_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_oidc_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_ip_pool_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_snow_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_machine_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_tinkerbell_template_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_datacenter_config_v1alpha1_manifest_test.go out/test-sentinel-anywhere_eks_amazonaws_com_v_sphere_machine_config_v1alpha1_manifest_test.go out/test-sentinel-apacheweb_arsenal_dev_apacheweb_v1alpha1_manifest_test.go out/test-sentinel-api_clever_cloud_com_config_provider_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_elastic_search_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_mongo_db_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_my_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_postgre_sql_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_redis_v1_manifest_test.go out/test-sentinel-api_clever_cloud_com_pulsar_v1beta1_manifest_test.go out/test-sentinel-api_kubemod_io_mod_rule_v1beta1_manifest_test.go out/test-sentinel-apicodegen_apimatic_io_api_matic_v1beta1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composite_resource_definition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_v1_manifest_test.go out/test-sentinel-apiextensions_crossplane_io_composition_revision_v1beta1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_api_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_authorizer_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_deployment_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_integration_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_route_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_stage_v1alpha1_manifest_test.go out/test-sentinel-apigatewayv2_services_k8s_aws_vpc_link_v1alpha1_manifest_test.go out/test-sentinel-apiregistration_k8s_io_api_service_v1_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_cluster_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_consumer_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_global_rule_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_plugin_config_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_route_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_tls_v2_manifest_test.go out/test-sentinel-apisix_apache_org_apisix_upstream_v2_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1_manifest_test.go out/test-sentinel-apm_k8s_elastic_co_apm_server_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_build_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_infra_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_runtime_v1beta1_manifest_test.go out/test-sentinel-app_kiegroup_org_kogito_supporting_service_v1beta1_manifest_test.go out/test-sentinel-app_lightbend_com_akka_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_active_active_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_database_v1alpha1_manifest_test.go out/test-sentinel-app_redislabs_com_redis_enterprise_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-app_terraform_io_agent_pool_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_module_v1alpha2_manifest_test.go out/test-sentinel-app_terraform_io_workspace_v1alpha2_manifest_test.go out/test-sentinel-application_networking_k8s_aws_access_log_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_iam_auth_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_service_import_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_target_group_policy_v1alpha1_manifest_test.go out/test-sentinel-application_networking_k8s_aws_vpc_association_policy_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scalable_target_v1alpha1_manifest_test.go out/test-sentinel-applicationautoscaling_services_k8s_aws_scaling_policy_v1alpha1_manifest_test.go out/test-sentinel-appmesh_k8s_aws_backend_group_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_gateway_route_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_mesh_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_gateway_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_node_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_router_v1beta2_manifest_test.go out/test-sentinel-appmesh_k8s_aws_virtual_service_v1beta2_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_policy_v1beta1_manifest_test.go out/test-sentinel-appprotect_f5_com_ap_user_sig_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_log_conf_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_ap_dos_policy_v1beta1_manifest_test.go out/test-sentinel-appprotectdos_f5_com_dos_protected_resource_v1beta1_manifest_test.go out/test-sentinel-apps_3scale_net_ap_icast_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_backup_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_restore_v1alpha1_manifest_test.go out/test-sentinel-apps_3scale_net_api_manager_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_base_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_description_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_feed_inventory_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_globalization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_chart_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_helm_release_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_localization_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-apps_clusternet_io_subscription_v1alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta3_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_broker_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_enterprise_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_plugin_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v1beta4_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2alpha1_manifest_test.go out/test-sentinel-apps_emqx_io_emqx_v2beta1_manifest_test.go out/test-sentinel-apps_emqx_io_rebalance_v2beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_git_lab_v1beta1_manifest_test.go out/test-sentinel-apps_gitlab_com_runner_v1beta2_manifest_test.go out/test-sentinel-apps_kubeblocks_io_backup_policy_template_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_cluster_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_class_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_resource_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_component_version_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_definition_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_ops_request_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_service_descriptor_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeblocks_io_config_constraint_v1beta1_manifest_test.go out/test-sentinel-apps_kubedl_io_cron_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_edge_application_v1alpha1_manifest_test.go out/test-sentinel-apps_kubeedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-apps_m88i_io_nexus_v1alpha1_manifest_test.go out/test-sentinel-apps_redhat_com_cluster_impairment_v1alpha1_manifest_test.go out/test-sentinel-apps_daemon_set_v1_manifest_test.go out/test-sentinel-apps_deployment_v1_manifest_test.go out/test-sentinel-apps_replica_set_v1_manifest_test.go out/test-sentinel-apps_stateful_set_v1_manifest_test.go out/test-sentinel-aquasecurity_github_io_aqua_starboard_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_app_project_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_set_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_application_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_export_v1alpha1_manifest_test.go out/test-sentinel-argoproj_io_argo_cd_v1beta1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1_manifest_test.go out/test-sentinel-asdb_aerospike_com_aerospike_cluster_v1beta1_manifest_test.go out/test-sentinel-atlasmap_io_atlas_map_v1alpha1_manifest_test.go out/test-sentinel-auth_ops42_org_aws_auth_sync_config_v1alpha1_manifest_test.go out/test-sentinel-authzed_com_spice_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-automation_kubensync_com_managed_resource_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_elastic_co_elasticsearch_autoscaler_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_checkpoint_v1beta2_manifest_test.go out/test-sentinel-autoscaling_k8s_io_vertical_pod_autoscaler_v1beta2_manifest_test.go out/test-sentinel-autoscaling_karmada_io_cron_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_karmada_io_federated_hpa_v1alpha1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v1_manifest_test.go out/test-sentinel-autoscaling_horizontal_pod_autoscaler_v2_manifest_test.go out/test-sentinel-awx_ansible_com_awx_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_backup_v1beta1_manifest_test.go out/test-sentinel-awx_ansible_com_awx_restore_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_apim_service_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_api_mgmt_api_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_api_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_app_insights_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_load_balancer_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_network_interface_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_public_ip_address_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_managed_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_extension_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_vm_scale_set_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_consumer_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_cosmos_db_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_namespace_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_eventhub_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_key_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_key_vault_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_administrator_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_database_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_user_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sqlv_net_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_action_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_redis_cache_firewall_rule_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_resource_group_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_storage_account_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_virtual_network_v1alpha1_manifest_test.go out/test-sentinel-azure_microsoft_com_blob_container_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sqlaad_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_my_sql_user_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_postgre_sql_server_v1alpha2_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_database_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_failover_group_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_firewall_rule_v1beta1_manifest_test.go out/test-sentinel-azure_microsoft_com_azure_sql_server_v1beta1_manifest_test.go out/test-sentinel-b3scale_infra_run_bbb_frontend_v1_manifest_test.go out/test-sentinel-batch_cron_job_v1_manifest_test.go out/test-sentinel-batch_job_v1_manifest_test.go out/test-sentinel-batch_volcano_sh_job_v1alpha1_manifest_test.go out/test-sentinel-beat_k8s_elastic_co_beat_v1beta1_manifest_test.go out/test-sentinel-beegfs_csi_netapp_com_beegfs_driver_v1_manifest_test.go out/test-sentinel-binding_operators_coreos_com_service_binding_v1alpha1_manifest_test.go out/test-sentinel-bitnami_com_sealed_secret_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_job_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_machine_v1alpha1_manifest_test.go out/test-sentinel-bmc_tinkerbell_org_task_v1alpha1_manifest_test.go out/test-sentinel-boskos_k8s_io_drlc_object_v1_manifest_test.go out/test-sentinel-boskos_k8s_io_resource_object_v1_manifest_test.go out/test-sentinel-bpfman_io_bpf_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fentry_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_fexit_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_kprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tc_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_tracepoint_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_uprobe_program_v1alpha1_manifest_test.go out/test-sentinel-bpfman_io_xdp_program_v1alpha1_manifest_test.go out/test-sentinel-bus_volcano_sh_command_v1alpha1_manifest_test.go out/test-sentinel-cache_kubedl_io_cache_backend_v1alpha1_manifest_test.go out/test-sentinel-caching_ibm_com_varnish_cluster_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_build_v1_manifest_test.go out/test-sentinel-camel_apache_org_camel_catalog_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_kit_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_platform_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_profile_v1_manifest_test.go out/test-sentinel-camel_apache_org_integration_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1_manifest_test.go out/test-sentinel-camel_apache_org_pipe_v1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_binding_v1alpha1_manifest_test.go out/test-sentinel-camel_apache_org_kamelet_v1alpha1_manifest_test.go out/test-sentinel-canaries_flanksource_com_canary_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_component_v1_manifest_test.go out/test-sentinel-canaries_flanksource_com_topology_v1_manifest_test.go out/test-sentinel-capabilities_3scale_net_tenant_v1alpha1_manifest_test.go out/test-sentinel-capabilities_3scale_net_active_doc_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_application_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_backend_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_custom_policy_definition_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_account_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_developer_user_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_open_api_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_product_v1beta1_manifest_test.go out/test-sentinel-capabilities_3scale_net_proxy_config_promote_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1alpha1_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta1_manifest_test.go out/test-sentinel-capsule_clastix_io_capsule_configuration_v1beta2_manifest_test.go out/test-sentinel-capsule_clastix_io_tenant_v1beta2_manifest_test.go out/test-sentinel-cassandra_datastax_com_cassandra_datacenter_v1beta1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_rados_namespace_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_block_pool_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_notification_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_bucket_topic_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_client_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cluster_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_cosi_driver_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_mirror_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_sub_volume_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_filesystem_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_nfs_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_realm_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_user_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_store_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_group_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_object_zone_v1_manifest_test.go out/test-sentinel-ceph_rook_io_ceph_rbd_mirror_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_request_v1_manifest_test.go out/test-sentinel-cert_manager_io_certificate_v1_manifest_test.go out/test-sentinel-cert_manager_io_cluster_issuer_v1_manifest_test.go out/test-sentinel-cert_manager_io_issuer_v1_manifest_test.go out/test-sentinel-certificates_k8s_io_certificate_signing_request_v1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_test_v1alpha1_manifest_test.go out/test-sentinel-chainsaw_kyverno_io_configuration_v1alpha2_manifest_test.go out/test-sentinel-chaos_mesh_org_aws_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_azure_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_block_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_dns_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_gcp_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_jvm_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_kernel_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_physical_machine_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_http_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_io_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_pod_network_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_remote_cluster_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_schedule_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_status_check_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_stress_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_time_chaos_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_node_v1alpha1_manifest_test.go out/test-sentinel-chaos_mesh_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-chaosblade_io_chaos_blade_v1alpha1_manifest_test.go out/test-sentinel-charts_amd_com_amdgpu_v1alpha1_manifest_test.go out/test-sentinel-charts_flagsmith_com_flagsmith_v1alpha1_manifest_test.go out/test-sentinel-charts_helm_k8s_io_snyk_monitor_v1alpha1_manifest_test.go out/test-sentinel-charts_opdev_io_synapse_v1alpha1_manifest_test.go out/test-sentinel-charts_operatorhub_io_cockroachdb_v1alpha1_manifest_test.go out/test-sentinel-che_eclipse_org_kubernetes_image_puller_v1alpha1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_provisioner_v1_manifest_test.go out/test-sentinel-chisel_operator_io_exit_node_v1_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_clusterwide_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_egress_gateway_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_envoy_config_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_external_workload_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_identity_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_local_redirect_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_network_policy_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_node_v2_manifest_test.go out/test-sentinel-cilium_io_cilium_bgp_peering_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_cidr_group_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_endpoint_slice_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_l2_announcement_policy_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_load_balancer_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_node_config_v2alpha1_manifest_test.go out/test-sentinel-cilium_io_cilium_pod_ip_pool_v2alpha1_manifest_test.go out/test-sentinel-claudie_io_input_manifest_v1beta1_manifest_test.go out/test-sentinel-cloudformation_linki_space_stack_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_cache_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_distribution_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_origin_request_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudfront_services_k8s_aws_response_headers_policy_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_event_data_store_v1alpha1_manifest_test.go out/test-sentinel-cloudtrail_services_k8s_aws_trail_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_amazon_cloud_watch_agent_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_aws_amazon_com_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-cloudwatch_services_k8s_aws_metric_alarm_v1alpha1_manifest_test.go out/test-sentinel-cloudwatchlogs_services_k8s_aws_log_group_v1alpha1_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_cluster_sync_resources_v1alpha2_manifest_test.go out/test-sentinel-cluster_clusterpedia_io_pedia_cluster_v1alpha2_manifest_test.go out/test-sentinel-cluster_ipfs_io_circuit_relay_v1alpha1_manifest_test.go out/test-sentinel-cluster_ipfs_io_ipfs_cluster_v1alpha1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha3_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1alpha4_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_class_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_cluster_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_deployment_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_health_check_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_pool_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_set_v1beta1_manifest_test.go out/test-sentinel-cluster_x_k8s_io_machine_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_cluster_registration_request_v1beta1_manifest_test.go out/test-sentinel-clusters_clusternet_io_managed_cluster_v1beta1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_instance_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_quota_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_setup_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-clustertemplate_openshift_io_config_v1alpha1_manifest_test.go out/test-sentinel-confidentialcontainers_org_cc_runtime_v1beta1_manifest_test.go out/test-sentinel-config_gatekeeper_sh_config_v1alpha1_manifest_test.go out/test-sentinel-config_grafana_com_project_config_v1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_customization_v1alpha1_manifest_test.go out/test-sentinel-config_karmada_io_resource_interpreter_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-config_koordinator_sh_cluster_colocation_profile_v1alpha1_manifest_test.go out/test-sentinel-config_storageos_com_operator_config_v1_manifest_test.go out/test-sentinel-control_k8ssandra_io_cassandra_task_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_collected_status_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_cluster_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_object_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_federated_type_config_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduler_plugin_webhook_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_kubeadmiral_io_scheduling_profile_v1alpha1_manifest_test.go out/test-sentinel-core_linuxsuren_github_com_a_test_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha1_manifest_test.go out/test-sentinel-core_openfeature_dev_feature_flag_configuration_v1alpha2_manifest_test.go out/test-sentinel-core_strimzi_io_strimzi_pod_set_v1beta2_manifest_test.go out/test-sentinel-config_map_v1_manifest_test.go out/test-sentinel-endpoints_v1_manifest_test.go out/test-sentinel-limit_range_v1_manifest_test.go out/test-sentinel-namespace_v1_manifest_test.go out/test-sentinel-persistent_volume_claim_v1_manifest_test.go out/test-sentinel-persistent_volume_v1_manifest_test.go out/test-sentinel-pod_v1_manifest_test.go out/test-sentinel-replication_controller_v1_manifest_test.go out/test-sentinel-secret_v1_manifest_test.go out/test-sentinel-service_account_v1_manifest_test.go out/test-sentinel-service_v1_manifest_test.go out/test-sentinel-couchbase_com_couchbase_autoscaler_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_restore_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_backup_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_cluster_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_collection_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_ephemeral_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_memcached_bucket_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_migration_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_replication_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_role_binding_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_group_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_scope_v2_manifest_test.go out/test-sentinel-couchbase_com_couchbase_user_v2_manifest_test.go out/test-sentinel-craftypath_github_io_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-crane_konveyor_io_operator_config_v1alpha1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_filter_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_bgp_peer_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_block_affinity_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_calico_node_status_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_cluster_information_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_felix_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_global_network_set_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_host_endpoint_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_block_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_config_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ipam_handle_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_pool_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_ip_reservation_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_kube_controllers_configuration_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_policy_v1_manifest_test.go out/test-sentinel-crd_projectcalico_org_network_set_v1_manifest_test.go out/test-sentinel-data_fluid_io_alluxio_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_backup_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_data_load_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_dataset_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_goose_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_jindo_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_juice_fs_runtime_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_profile_v1alpha1_manifest_test.go out/test-sentinel-data_fluid_io_thin_runtime_v1alpha1_manifest_test.go out/test-sentinel-databases_schemahero_io_database_v1alpha4_manifest_test.go out/test-sentinel-databases_spotahome_com_redis_failover_v1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_metric_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_monitor_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_slo_v1alpha1_manifest_test.go out/test-sentinel-datadoghq_com_datadog_agent_v2alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_action_set_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_policy_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_repo_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_backup_v1alpha1_manifest_test.go out/test-sentinel-dataprotection_kubeblocks_io_restore_v1alpha1_manifest_test.go out/test-sentinel-designer_kaoto_io_kaoto_v1alpha1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1alpha2_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_model_v1beta1_manifest_test.go out/test-sentinel-devices_kubeedge_io_device_v1beta1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_controller_v1alpha1_manifest_test.go out/test-sentinel-devops_kubesphere_io_releaser_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_identity_provider_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_o_auth2_client_v1alpha1_manifest_test.go out/test-sentinel-dex_gpu_ninja_com_dex_user_v1alpha1_manifest_test.go out/test-sentinel-digitalis_io_vals_secret_v1_manifest_test.go out/test-sentinel-digitalis_io_db_secret_v1beta1_manifest_test.go out/test-sentinel-discovery_k8s_io_endpoint_slice_v1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-documentdb_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-druid_apache_org_druid_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_backup_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_global_table_v1alpha1_manifest_test.go out/test-sentinel-dynamodb_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_dhcp_options_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_elastic_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_instance_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_internet_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_nat_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_route_table_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_security_group_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_subnet_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_transit_gateway_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_v1alpha1_manifest_test.go out/test-sentinel-ec2_services_k8s_aws_vpc_endpoint_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_pull_through_cache_rule_v1alpha1_manifest_test.go out/test-sentinel-ecr_services_k8s_aws_repository_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_access_point_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_file_system_v1alpha1_manifest_test.go out/test-sentinel-efs_services_k8s_aws_mount_target_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_addon_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_fargate_profile_v1alpha1_manifest_test.go out/test-sentinel-eks_services_k8s_aws_nodegroup_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_cache_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_replication_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_group_v1alpha1_manifest_test.go out/test-sentinel-elasticache_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1_manifest_test.go out/test-sentinel-elasticsearch_k8s_elastic_co_elasticsearch_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1alpha1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_ingress_class_params_v1beta1_manifest_test.go out/test-sentinel-elbv2_k8s_aws_target_group_binding_v1beta1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_job_run_v1alpha1_manifest_test.go out/test-sentinel-emrcontainers_services_k8s_aws_virtual_cluster_v1alpha1_manifest_test.go out/test-sentinel-ensembleoss_io_cluster_v1_manifest_test.go out/test-sentinel-ensembleoss_io_resource_v1_manifest_test.go out/test-sentinel-enterprise_gloo_solo_io_auth_config_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1_manifest_test.go out/test-sentinel-enterprisesearch_k8s_elastic_co_enterprise_search_v1beta1_manifest_test.go out/test-sentinel-events_k8s_io_event_v1_manifest_test.go out/test-sentinel-everest_percona_com_backup_storage_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_backup_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_restore_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_cluster_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_database_engine_v1alpha1_manifest_test.go out/test-sentinel-everest_percona_com_monitoring_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_config_v1alpha1_manifest_test.go out/test-sentinel-execution_furiko_io_job_v1alpha1_manifest_test.go out/test-sentinel-executor_testkube_io_executor_v1_manifest_test.go out/test-sentinel-executor_testkube_io_webhook_v1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1alpha1_manifest_test.go out/test-sentinel-expansion_gatekeeper_sh_expansion_template_v1beta1_manifest_test.go out/test-sentinel-extensions_istio_io_wasm_plugin_v1alpha1_manifest_test.go out/test-sentinel-extensions_kubeblocks_io_addon_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1alpha1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_cluster_secret_store_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_external_secret_v1beta1_manifest_test.go out/test-sentinel-external_secrets_io_secret_store_v1beta1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1alpha1_manifest_test.go out/test-sentinel-externaldata_gatekeeper_sh_provider_v1beta1_manifest_test.go out/test-sentinel-externaldns_k8s_io_dns_endpoint_v1alpha1_manifest_test.go out/test-sentinel-externaldns_nginx_org_dns_endpoint_v1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-fence_agents_remediation_medik8s_io_fence_agents_remediation_v1alpha1_manifest_test.go out/test-sentinel-flagger_app_alert_provider_v1beta1_manifest_test.go out/test-sentinel-flagger_app_canary_v1beta1_manifest_test.go out/test-sentinel-flagger_app_metric_template_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_deployment_v1beta1_manifest_test.go out/test-sentinel-flink_apache_org_flink_session_job_v1beta1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_flow_v1alpha1_manifest_test.go out/test-sentinel-flow_volcano_sh_job_template_v1alpha1_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_flow_schema_v1beta3_manifest_test.go out/test-sentinel-flowcontrol_apiserver_k8s_io_priority_level_configuration_v1beta3_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1alpha1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta1_manifest_test.go out/test-sentinel-flows_netobserv_io_flow_collector_v1beta2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_input_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_cluster_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_collector_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_filter_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_config_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_fluent_bit_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_output_v1alpha2_manifest_test.go out/test-sentinel-fluentbit_fluent_io_parser_v1alpha2_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_filter_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_config_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_fluentd_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_input_v1alpha1_manifest_test.go out/test-sentinel-fluentd_fluent_io_output_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha1_manifest_test.go out/test-sentinel-flux_framework_org_mini_cluster_v1alpha2_manifest_test.go out/test-sentinel-forklift_konveyor_io_forklift_controller_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_hook_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_host_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_migration_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_network_map_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_openstack_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_ovirt_volume_populator_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_plan_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_provider_v1beta1_manifest_test.go out/test-sentinel-forklift_konveyor_io_storage_map_v1beta1_manifest_test.go out/test-sentinel-fossul_io_backup_config_v1_manifest_test.go out/test-sentinel-fossul_io_backup_schedule_v1_manifest_test.go out/test-sentinel-fossul_io_backup_v1_manifest_test.go out/test-sentinel-fossul_io_fossul_v1_manifest_test.go out/test-sentinel-fossul_io_restore_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_grpc_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tcp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_tls_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_udp_route_v1alpha2_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_class_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_gateway_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_http_route_v1beta1_manifest_test.go out/test-sentinel-gateway_networking_k8s_io_reference_grant_v1beta1_manifest_test.go out/test-sentinel-gateway_nginx_org_client_settings_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_gateway_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_nginx_proxy_v1alpha1_manifest_test.go out/test-sentinel-gateway_nginx_org_observability_policy_v1alpha1_manifest_test.go out/test-sentinel-gateway_solo_io_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_matchable_http_gateway_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_route_table_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_host_option_v1_manifest_test.go out/test-sentinel-gateway_solo_io_virtual_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_module_v1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v1_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v2_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v2_manifest_test.go out/test-sentinel-getambassador_io_host_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v2_manifest_test.go out/test-sentinel-getambassador_io_log_service_v2_manifest_test.go out/test-sentinel-getambassador_io_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_module_v2_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v2_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v2_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v2_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v2_manifest_test.go out/test-sentinel-getambassador_io_auth_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_consul_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_dev_portal_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_host_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_endpoint_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_kubernetes_service_resolver_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_listener_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_log_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_module_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_rate_limit_service_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tcp_mapping_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tls_context_v3alpha1_manifest_test.go out/test-sentinel-getambassador_io_tracing_service_v3alpha1_manifest_test.go out/test-sentinel-gitops_hybrid_cloud_patterns_io_pattern_v1alpha1_manifest_test.go out/test-sentinel-gloo_solo_io_proxy_v1_manifest_test.go out/test-sentinel-gloo_solo_io_settings_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_group_v1_manifest_test.go out/test-sentinel-gloo_solo_io_upstream_v1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_dashboard_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_datasource_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_folder_v1beta1_manifest_test.go out/test-sentinel-grafana_integreatly_org_grafana_v1beta1_manifest_test.go out/test-sentinel-graphql_gloo_solo_io_graph_ql_api_v1beta1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_class_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_content_v1alpha1_manifest_test.go out/test-sentinel-groupsnapshot_storage_k8s_io_volume_group_snapshot_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_cron_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hazelcast_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_hot_backup_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_management_center_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_map_v1alpha1_manifest_test.go out/test-sentinel-hazelcast_com_wan_replication_v1alpha1_manifest_test.go out/test-sentinel-helm_sigstore_dev_rekor_v1alpha1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta1_manifest_test.go out/test-sentinel-helm_toolkit_fluxcd_io_helm_release_v2beta2_manifest_test.go out/test-sentinel-hive_openshift_io_checkpoint_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_claim_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_customization_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deployment_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_deprovision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_image_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_provision_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_relocate_v1_manifest_test.go out/test-sentinel-hive_openshift_io_cluster_state_v1_manifest_test.go out/test-sentinel-hive_openshift_io_dns_zone_v1_manifest_test.go out/test-sentinel-hive_openshift_io_hive_config_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_name_lease_v1_manifest_test.go out/test-sentinel-hive_openshift_io_machine_pool_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_selector_sync_set_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_identity_provider_v1_manifest_test.go out/test-sentinel-hive_openshift_io_sync_set_v1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_lease_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_cluster_sync_v1alpha1_manifest_test.go out/test-sentinel-hiveinternal_openshift_io_fake_cluster_install_v1alpha1_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchical_resource_quota_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hierarchy_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_hnc_configuration_v1alpha2_manifest_test.go out/test-sentinel-hnc_x_k8s_io_subnamespace_anchor_v1alpha2_manifest_test.go out/test-sentinel-hyperfoil_io_horreum_v1alpha1_manifest_test.go out/test-sentinel-hyperfoil_io_hyperfoil_v1alpha2_manifest_test.go out/test-sentinel-iam_services_k8s_aws_group_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_instance_profile_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_open_id_connect_provider_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_policy_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_role_v1alpha1_manifest_test.go out/test-sentinel-iam_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-ibmcloud_ibm_com_composable_v1alpha1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta1_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_policy_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_repository_v1beta2_manifest_test.go out/test-sentinel-image_toolkit_fluxcd_io_image_update_automation_v1beta2_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_bridge_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_event_driven_ingestion_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_instance_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicom_study_binding_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dicomweb_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_ingestion_service_v1alpha1_manifest_test.go out/test-sentinel-imaging_ingestion_alvearie_org_dimse_proxy_v1alpha1_manifest_test.go out/test-sentinel-inference_kubedl_io_elastic_batch_job_v1alpha1_manifest_test.go out/test-sentinel-infinispan_org_infinispan_v1_manifest_test.go out/test-sentinel-infinispan_org_backup_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_batch_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_cache_v2alpha1_manifest_test.go out/test-sentinel-infinispan_org_restore_v2alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha1_manifest_test.go out/test-sentinel-infra_contrib_fluxcd_io_terraform_v1alpha2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_cluster_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_template_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_kubevirt_machine_v1alpha1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha3_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1alpha4_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_tinkerbell_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_identity_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_cluster_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_deployment_zone_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_failure_domain_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_template_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_machine_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_v_sphere_vm_v1beta1_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_image_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibm_power_vs_machine_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_cluster_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_template_v1beta2_manifest_test.go out/test-sentinel-infrastructure_cluster_x_k8s_io_ibmvpc_machine_v1beta2_manifest_test.go out/test-sentinel-installation_mattermost_com_mattermost_v1beta1_manifest_test.go out/test-sentinel-instana_io_instana_agent_v1_manifest_test.go out/test-sentinel-integration_rock8s_com_deferred_resource_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_plug_v1beta1_manifest_test.go out/test-sentinel-integration_rock8s_com_socket_v1beta1_manifest_test.go out/test-sentinel-iot_eclipse_org_ditto_v1alpha1_manifest_test.go out/test-sentinel-iot_eclipse_org_hawkbit_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1alpha1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_claim_v1beta1_manifest_test.go out/test-sentinel-ipam_cluster_x_k8s_io_ip_address_v1beta1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha1_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha2_manifest_test.go out/test-sentinel-isindir_github_com_sops_secret_v1alpha3_manifest_test.go out/test-sentinel-jaegertracing_io_jaeger_v1_manifest_test.go out/test-sentinel-jobset_x_k8s_io_job_set_v1alpha2_manifest_test.go out/test-sentinel-jobsmanager_raczylo_com_managed_job_v1beta1_manifest_test.go out/test-sentinel-k6_io_k6_v1alpha1_manifest_test.go out/test-sentinel-k6_io_private_load_zone_v1alpha1_manifest_test.go out/test-sentinel-k6_io_test_run_v1alpha1_manifest_test.go out/test-sentinel-k8gb_absa_oss_gslb_v1beta1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_realm_import_v2alpha1_manifest_test.go out/test-sentinel-k8s_keycloak_org_keycloak_v2alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_backup_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_connection_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_database_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_grant_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_maria_db_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_max_scale_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_restore_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_sql_job_v1alpha1_manifest_test.go out/test-sentinel-k8s_mariadb_com_user_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_route_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_virtual_server_v1_manifest_test.go out/test-sentinel-k8s_nginx_org_global_configuration_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_policy_v1alpha1_manifest_test.go out/test-sentinel-k8s_nginx_org_transport_server_v1alpha1_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha2_manifest_test.go out/test-sentinel-k8s_otterize_com_client_intents_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_kafka_server_config_v1alpha3_manifest_test.go out/test-sentinel-k8s_otterize_com_protected_service_v1alpha3_manifest_test.go out/test-sentinel-k8up_io_archive_v1_manifest_test.go out/test-sentinel-k8up_io_backup_v1_manifest_test.go out/test-sentinel-k8up_io_check_v1_manifest_test.go out/test-sentinel-k8up_io_pre_backup_pod_v1_manifest_test.go out/test-sentinel-k8up_io_prune_v1_manifest_test.go out/test-sentinel-k8up_io_restore_v1_manifest_test.go out/test-sentinel-k8up_io_schedule_v1_manifest_test.go out/test-sentinel-k8up_io_snapshot_v1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_cruise_control_operation_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_banzaicloud_io_kafka_cluster_v1beta1_manifest_test.go out/test-sentinel-kafka_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1alpha1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta1_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_bridge_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connect_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_connector_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker2_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_mirror_maker_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_rebalance_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_topic_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_user_v1beta2_manifest_test.go out/test-sentinel-kafka_strimzi_io_kafka_v1beta2_manifest_test.go out/test-sentinel-kamaji_clastix_io_data_store_v1alpha1_manifest_test.go out/test-sentinel-kamaji_clastix_io_tenant_control_plane_v1alpha1_manifest_test.go out/test-sentinel-karpenter_k8s_aws_ec2_node_class_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_claim_v1beta1_manifest_test.go out/test-sentinel-karpenter_sh_node_pool_v1beta1_manifest_test.go out/test-sentinel-keda_sh_cluster_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_job_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_scaled_object_v1alpha1_manifest_test.go out/test-sentinel-keda_sh_trigger_authentication_v1alpha1_manifest_test.go out/test-sentinel-keycloak_k8s_reddec_net_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_backup_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_client_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_realm_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_user_v1alpha1_manifest_test.go out/test-sentinel-keycloak_org_keycloak_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_keyspace_v1alpha1_manifest_test.go out/test-sentinel-keyspaces_services_k8s_aws_table_v1alpha1_manifest_test.go out/test-sentinel-kiali_io_kiali_v1alpha1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1_manifest_test.go out/test-sentinel-kibana_k8s_elastic_co_kibana_v1beta1_manifest_test.go out/test-sentinel-kinesis_services_k8s_aws_stream_v1alpha1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_module_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_node_modules_config_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta1_manifest_test.go out/test-sentinel-kmm_sigs_x_k8s_io_preflight_validation_v1beta2_manifest_test.go out/test-sentinel-kms_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_grant_v1alpha1_manifest_test.go out/test-sentinel-kms_services_k8s_aws_key_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_dns_record_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_managed_zone_v1alpha1_manifest_test.go out/test-sentinel-kuadrant_io_kuadrant_v1beta1_manifest_test.go out/test-sentinel-kuadrant_io_auth_policy_v1beta2_manifest_test.go out/test-sentinel-kuadrant_io_rate_limit_policy_v1beta2_manifest_test.go out/test-sentinel-kube_green_com_sleep_info_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_operation_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_cluster_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_local_artifact_set_v1alpha1_manifest_test.go out/test-sentinel-kubean_io_manifest_v1alpha1_manifest_test.go out/test-sentinel-kubecost_com_turndown_schedule_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_profile_v1alpha1_manifest_test.go out/test-sentinel-kubevious_io_workload_v1alpha1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_admission_check_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_cluster_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_local_queue_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_resource_flavor_v1beta1_manifest_test.go out/test-sentinel-kueue_x_k8s_io_workload_v1beta1_manifest_test.go out/test-sentinel-kuma_io_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_container_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_external_service_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_access_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_circuit_breaker_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_fault_injection_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_instance_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_health_check_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_http_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_load_balancing_strategy_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_proxy_patch_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_tcp_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_mesh_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_proxy_template_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_rate_limit_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_retry_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_service_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_timeout_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_log_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_permission_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_route_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_traffic_trace_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_virtual_outbound_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_egress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_ingress_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_insight_v1alpha1_manifest_test.go out/test-sentinel-kuma_io_zone_v1alpha1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta1_manifest_test.go out/test-sentinel-kustomize_toolkit_fluxcd_io_kustomization_v1beta2_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_policy_v1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v1alpha2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v1beta1_manifest_test.go out/test-sentinel-kyverno_io_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_admission_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_background_scan_report_v2_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2_manifest_test.go out/test-sentinel-kyverno_io_update_request_v2_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_global_context_entry_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2alpha1_manifest_test.go out/test-sentinel-kyverno_io_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_cleanup_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_cluster_policy_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_exception_v2beta1_manifest_test.go out/test-sentinel-kyverno_io_policy_v2beta1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_alias_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_code_signing_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_event_source_mapping_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_url_config_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_function_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_layer_version_v1alpha1_manifest_test.go out/test-sentinel-lambda_services_k8s_aws_version_v1alpha1_manifest_test.go out/test-sentinel-lb_lbconfig_carlosedp_com_external_load_balancer_v1_manifest_test.go out/test-sentinel-leaksignal_com_cluster_leaksignal_istio_v1_manifest_test.go out/test-sentinel-leaksignal_com_leaksignal_istio_v1_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta4_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_secret_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_bitwarden_template_v1beta5_manifest_test.go out/test-sentinel-lerentis_uploadfilter24_eu_registry_credential_v1beta5_manifest_test.go out/test-sentinel-limitador_kuadrant_io_limitador_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_engine_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_experiment_v1alpha1_manifest_test.go out/test-sentinel-litmuschaos_io_chaos_result_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1alpha1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_fluentbit_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_logging_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_node_agent_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_cluster_output_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_flow_v1beta1_manifest_test.go out/test-sentinel-logging_banzaicloud_io_syslog_ng_output_v1beta1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_event_tailer_v1alpha1_manifest_test.go out/test-sentinel-logging_extensions_banzaicloud_io_host_tailer_v1alpha1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1_manifest_test.go out/test-sentinel-loki_grafana_com_alerting_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_loki_stack_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_recording_rule_v1beta1_manifest_test.go out/test-sentinel-loki_grafana_com_ruler_config_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta1_manifest_test.go out/test-sentinel-longhorn_io_backing_image_data_source_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_backing_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_target_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_backup_volume_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_image_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_engine_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_instance_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_node_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_orphan_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_recurring_job_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_replica_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_setting_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_share_manager_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_snapshot_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_support_bundle_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_backup_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_system_restore_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_attachment_v1beta2_manifest_test.go out/test-sentinel-longhorn_io_volume_v1beta2_manifest_test.go out/test-sentinel-m4e_krestomat_io_moodle_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_nginx_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_phpfpm_v1alpha1_manifest_test.go out/test-sentinel-m4e_krestomat_io_routine_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-machine_deletion_remediation_medik8s_io_machine_deletion_remediation_v1alpha1_manifest_test.go out/test-sentinel-maps_k8s_elastic_co_elastic_maps_server_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_backup_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_connection_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_database_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_grant_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_maria_db_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_restore_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_sql_job_v1alpha1_manifest_test.go out/test-sentinel-mariadb_mmontes_io_user_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_revision_v1alpha1_manifest_test.go out/test-sentinel-marin3r_3scale_net_envoy_config_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_cluster_installation_v1alpha1_manifest_test.go out/test-sentinel-mattermost_com_mattermost_restore_db_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_acl_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_cluster_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_snapshot_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-memorydb_services_k8s_aws_user_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_composite_controller_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_controller_revision_v1alpha1_manifest_test.go out/test-sentinel-metacontroller_k8s_io_decorator_controller_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bare_metal_host_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_bmc_event_subscription_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_data_image_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_firmware_schema_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_hardware_data_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_components_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_host_firmware_settings_v1alpha1_manifest_test.go out/test-sentinel-metal3_io_preprovisioning_image_v1alpha1_manifest_test.go out/test-sentinel-minio_min_io_tenant_v2_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha1_manifest_test.go out/test-sentinel-mirrors_kts_studio_secret_mirror_v1alpha2_manifest_test.go out/test-sentinel-model_kubedl_io_model_v1alpha1_manifest_test.go out/test-sentinel-model_kubedl_io_model_version_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_pod_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_probe_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_rule_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_service_monitor_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_thanos_ruler_v1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_prometheus_agent_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_scrape_config_v1alpha1_manifest_test.go out/test-sentinel-monitoring_coreos_com_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-monocle_monocle_change_metrics_io_monocle_v1alpha1_manifest_test.go out/test-sentinel-mq_services_k8s_aws_broker_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_info_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_gateway_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_label_identity_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_member_cluster_announce_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_multi_cluster_config_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_export_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_resource_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_claim_v1alpha2_manifest_test.go out/test-sentinel-multicluster_crd_antrea_io_cluster_set_v1alpha2_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_applied_work_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_service_import_v1alpha1_manifest_test.go out/test-sentinel-multicluster_x_k8s_io_work_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_image_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1alpha1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_metadata_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_assign_v1beta1_manifest_test.go out/test-sentinel-mutations_gatekeeper_sh_modify_set_v1beta1_manifest_test.go out/test-sentinel-nativestor_alauda_io_raw_device_v1_manifest_test.go out/test-sentinel-netchecks_io_network_assertion_v1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_policy_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_firewall_v1alpha1_manifest_test.go out/test-sentinel-networkfirewall_services_k8s_aws_rule_group_v1alpha1_manifest_test.go out/test-sentinel-networking_gke_io_managed_certificate_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_envoy_filter_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1alpha3_manifest_test.go out/test-sentinel-networking_istio_io_destination_rule_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_gateway_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_proxy_config_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_service_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_sidecar_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_virtual_service_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_entry_v1beta1_manifest_test.go out/test-sentinel-networking_istio_io_workload_group_v1beta1_manifest_test.go out/test-sentinel-networking_k8s_aws_policy_endpoint_v1alpha1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_class_v1_manifest_test.go out/test-sentinel-networking_k8s_io_ingress_v1_manifest_test.go out/test-sentinel-networking_k8s_io_network_policy_v1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_ingress_v1alpha1_manifest_test.go out/test-sentinel-networking_karmada_io_multi_cluster_service_v1alpha1_manifest_test.go out/test-sentinel-nfd_k8s_sigs_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_discovery_v1_manifest_test.go out/test-sentinel-nfd_kubernetes_io_node_feature_rule_v1alpha1_manifest_test.go out/test-sentinel-nodeinfo_volcano_sh_numatopology_v1alpha1_manifest_test.go out/test-sentinel-notebook_kubedl_io_notebook_v1alpha1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta1_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_receiver_v1beta2_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_alert_v1beta3_manifest_test.go out/test-sentinel-notification_toolkit_fluxcd_io_provider_v1beta3_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_claim_v1alpha1_manifest_test.go out/test-sentinel-objectbucket_io_object_bucket_v1alpha1_manifest_test.go out/test-sentinel-onepassword_com_one_password_item_v1_manifest_test.go out/test-sentinel-opensearchservice_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_instrumentation_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_op_amp_bridge_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1alpha1_manifest_test.go out/test-sentinel-opentelemetry_io_open_telemetry_collector_v1beta1_manifest_test.go out/test-sentinel-operations_kubeedge_io_node_upgrade_job_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_csp_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_database_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_gateway_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_kube_enforcer_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_scanner_v1alpha1_manifest_test.go out/test-sentinel-operator_aquasec_com_aqua_server_v1alpha1_manifest_test.go out/test-sentinel-operator_authorino_kuadrant_io_authorino_v1beta1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha1_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_addon_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_bootstrap_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_control_plane_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_core_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cluster_x_k8s_io_infrastructure_provider_v1alpha2_manifest_test.go out/test-sentinel-operator_cryostat_io_cryostat_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_eventing_v1beta1_manifest_test.go out/test-sentinel-operator_knative_dev_knative_serving_v1beta1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_certificate_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_discovery_service_v1alpha1_manifest_test.go out/test-sentinel-operator_marin3r_3scale_net_envoy_deployment_v1alpha1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_cluster_manager_v1_manifest_test.go out/test-sentinel-operator_open_cluster_management_io_klusterlet_v1_manifest_test.go out/test-sentinel-operator_shipwright_io_shipwright_build_v1alpha1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1_manifest_test.go out/test-sentinel-operator_tigera_io_api_server_v1_manifest_test.go out/test-sentinel-operator_tigera_io_application_layer_v1_manifest_test.go out/test-sentinel-operator_tigera_io_authentication_v1_manifest_test.go out/test-sentinel-operator_tigera_io_compliance_v1_manifest_test.go out/test-sentinel-operator_tigera_io_egress_gateway_v1_manifest_test.go out/test-sentinel-operator_tigera_io_image_set_v1_manifest_test.go out/test-sentinel-operator_tigera_io_installation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_intrusion_detection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_collector_v1_manifest_test.go out/test-sentinel-operator_tigera_io_log_storage_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_connection_v1_manifest_test.go out/test-sentinel-operator_tigera_io_management_cluster_v1_manifest_test.go out/test-sentinel-operator_tigera_io_manager_v1_manifest_test.go out/test-sentinel-operator_tigera_io_monitor_v1_manifest_test.go out/test-sentinel-operator_tigera_io_packet_capture_v1_manifest_test.go out/test-sentinel-operator_tigera_io_policy_recommendation_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tenant_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tigera_status_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_pass_through_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_tls_terminated_route_v1_manifest_test.go out/test-sentinel-operator_tigera_io_amazon_cloud_integration_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_agent_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alert_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_config_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_alertmanager_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_auth_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_cluster_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_node_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_pod_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_probe_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_rule_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_service_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_single_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_static_scrape_v1beta1_manifest_test.go out/test-sentinel-operator_victoriametrics_com_vm_user_v1beta1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_schedule_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_backup_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_config_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_cron_anything_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_database_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_export_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_import_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_instance_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_pitr_v1alpha1_manifest_test.go out/test-sentinel-oracle_db_anthosapis_com_release_v1alpha1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v1_manifest_test.go out/test-sentinel-org_eclipse_che_che_cluster_v2_manifest_test.go out/test-sentinel-organizations_services_k8s_aws_organizational_unit_v1alpha1_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_backup_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_cluster_v2_manifest_test.go out/test-sentinel-pgv2_percona_com_percona_pg_restore_v2_manifest_test.go out/test-sentinel-pipes_services_k8s_aws_pipe_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_configuration_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_revision_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_provider_v1_manifest_test.go out/test-sentinel-pkg_crossplane_io_controller_config_v1alpha1_manifest_test.go out/test-sentinel-pkg_crossplane_io_lock_v1beta1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_cluster_import_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_clusterpedia_io_pedia_cluster_lifecycle_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_cluster_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_federated_resource_quota_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_override_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_karmada_io_propagation_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_kubeedge_io_service_account_access_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_networking_k8s_io_baseline_admin_network_policy_v1alpha1_manifest_test.go out/test-sentinel-policy_pod_disruption_budget_v1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_admin_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_pg_upgrade_v1beta1_manifest_test.go out/test-sentinel-postgres_operator_crunchydata_com_postgres_cluster_v1beta1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_backup_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_cluster_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_pooler_v1_manifest_test.go out/test-sentinel-postgresql_cnpg_io_scheduled_backup_v1_manifest_test.go out/test-sentinel-projectcontour_io_http_proxy_v1_manifest_test.go out/test-sentinel-projectcontour_io_tls_certificate_delegation_v1_manifest_test.go out/test-sentinel-projectcontour_io_contour_configuration_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_contour_deployment_v1alpha1_manifest_test.go out/test-sentinel-projectcontour_io_extension_service_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_alert_manager_definition_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_logging_configuration_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_rule_groups_namespace_v1alpha1_manifest_test.go out/test-sentinel-prometheusservice_services_k8s_aws_workspace_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_backup_v1alpha1_manifest_test.go out/test-sentinel-ps_percona_com_percona_server_my_sql_restore_v1alpha1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_backup_v1_manifest_test.go out/test-sentinel-psmdb_percona_com_percona_server_mongo_db_restore_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_node_ptp_device_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_config_v1_manifest_test.go out/test-sentinel-ptp_openshift_io_ptp_operator_config_v1_manifest_test.go out/test-sentinel-pubsubplus_solace_com_pub_sub_plus_event_broker_v1beta1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_backup_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_restore_v1_manifest_test.go out/test-sentinel-pxc_percona_com_percona_xtra_db_cluster_v1_manifest_test.go out/test-sentinel-quay_redhat_com_quay_registry_v1_manifest_test.go out/test-sentinel-quota_codeflare_dev_quota_subtree_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1_manifest_test.go out/test-sentinel-ray_io_ray_cluster_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_job_v1alpha1_manifest_test.go out/test-sentinel-ray_io_ray_service_v1alpha1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_cluster_role_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_binding_v1_manifest_test.go out/test-sentinel-rbac_authorization_k8s_io_role_v1_manifest_test.go out/test-sentinel-rbacmanager_reactiveops_io_rbac_definition_v1beta1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_component_v1beta2_manifest_test.go out/test-sentinel-rc_app_stacks_runtime_operation_v1beta2_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_cluster_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_instance_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_parameter_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_proxy_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_db_subnet_group_v1alpha1_manifest_test.go out/test-sentinel-rds_services_k8s_aws_global_cluster_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_group_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_keepalived_group_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_namespace_config_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_patch_v1alpha1_manifest_test.go out/test-sentinel-redhatcop_redhat_io_user_config_v1alpha1_manifest_test.go out/test-sentinel-registry_apicur_io_apicurio_registry_v1_manifest_test.go out/test-sentinel-registry_devfile_io_cluster_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registries_list_v1alpha1_manifest_test.go out/test-sentinel-registry_devfile_io_devfile_registry_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_cluster_object_sync_v1alpha1_manifest_test.go out/test-sentinel-reliablesyncs_kubeedge_io_object_sync_v1alpha1_manifest_test.go out/test-sentinel-remediation_medik8s_io_node_health_check_v1alpha1_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_backup_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_restore_v1beta2_manifest_test.go out/test-sentinel-repo_manager_pulpproject_org_pulp_v1beta2_manifest_test.go out/test-sentinel-reports_kyverno_io_cluster_ephemeral_report_v1_manifest_test.go out/test-sentinel-reports_kyverno_io_ephemeral_report_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_login_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_okta_import_rule_v1_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_provision_token_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_saml_connector_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_user_v2_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_github_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_oidc_connector_v3_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v5_manifest_test.go out/test-sentinel-resources_teleport_dev_teleport_role_v6_manifest_test.go out/test-sentinel-ripsaw_cloudbulldozer_io_benchmark_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_broker_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_console_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_name_service_v1alpha1_manifest_test.go out/test-sentinel-rocketmq_apache_org_topic_transfer_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_hosted_zone_v1alpha1_manifest_test.go out/test-sentinel-route53_services_k8s_aws_record_set_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_endpoint_v1alpha1_manifest_test.go out/test-sentinel-route53resolver_services_k8s_aws_resolver_rule_v1alpha1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_endpoint_v1_manifest_test.go out/test-sentinel-rules_kubeedge_io_rule_v1_manifest_test.go out/test-sentinel-runtime_cluster_x_k8s_io_extension_config_v1alpha1_manifest_test.go out/test-sentinel-s3_services_k8s_aws_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_bucket_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_claim_v1alpha1_manifest_test.go out/test-sentinel-s3_snappcloud_io_s3_user_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_app_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_data_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_domain_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_feature_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_hyper_parameter_tuning_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_bias_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_explainability_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_group_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_package_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_quality_job_definition_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_model_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_monitoring_schedule_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_lifecycle_config_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_notebook_instance_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_processing_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_training_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_transform_job_v1alpha1_manifest_test.go out/test-sentinel-sagemaker_services_k8s_aws_user_profile_v1alpha1_manifest_test.go out/test-sentinel-scheduling_k8s_io_priority_class_v1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_device_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_pod_migration_job_v1alpha1_manifest_test.go out/test-sentinel-scheduling_koordinator_sh_reservation_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_elastic_quota_v1alpha1_manifest_test.go out/test-sentinel-scheduling_sigs_k8s_io_pod_group_v1alpha1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_pod_group_v1beta1_manifest_test.go out/test-sentinel-scheduling_volcano_sh_queue_v1beta1_manifest_test.go out/test-sentinel-schemas_schemahero_io_data_type_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_migration_v1alpha4_manifest_test.go out/test-sentinel-schemas_schemahero_io_table_v1alpha4_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_cluster_v1_manifest_test.go out/test-sentinel-scylla_scylladb_com_node_config_v1alpha1_manifest_test.go out/test-sentinel-scylla_scylladb_com_scylla_operator_config_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_basic_auth_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_ssh_key_pair_v1alpha1_manifest_test.go out/test-sentinel-secretgenerator_mittwald_de_string_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_crossplane_io_store_config_v1alpha1_manifest_test.go out/test-sentinel-secrets_doppler_com_doppler_secret_v1alpha1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_hcp_vault_secrets_app_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_auth_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_connection_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_dynamic_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_pki_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_hashicorp_com_vault_static_secret_v1beta1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1_manifest_test.go out/test-sentinel-secrets_store_csi_x_k8s_io_secret_provider_class_v1alpha1_manifest_test.go out/test-sentinel-secretsmanager_services_k8s_aws_secret_v1alpha1_manifest_test.go out/test-sentinel-secscan_quay_redhat_com_image_manifest_vuln_v1alpha1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1_manifest_test.go out/test-sentinel-security_istio_io_authorization_policy_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_peer_authentication_v1beta1_manifest_test.go out/test-sentinel-security_istio_io_request_authentication_v1beta1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_app_armor_profile_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_binding_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_profile_recording_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profile_node_status_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_security_profiles_operator_daemon_v1alpha1_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_raw_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_selinux_profile_v1alpha2_manifest_test.go out/test-sentinel-security_profiles_operator_x_k8s_io_seccomp_profile_v1beta1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_config_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_template_v1alpha1_manifest_test.go out/test-sentinel-self_node_remediation_medik8s_io_self_node_remediation_v1alpha1_manifest_test.go out/test-sentinel-sematext_com_sematext_agent_v1_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1alpha3_manifest_test.go out/test-sentinel-servicebinding_io_cluster_workload_resource_mapping_v1beta1_manifest_test.go out/test-sentinel-servicebinding_io_service_binding_v1beta1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_gateway_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_istio_mesh_v1alpha1_manifest_test.go out/test-sentinel-servicemesh_cisco_com_peer_istio_control_plane_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_adopted_resource_v1alpha1_manifest_test.go out/test-sentinel-services_k8s_aws_field_export_v1alpha1_manifest_test.go out/test-sentinel-serving_kubedl_io_inference_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_activity_v1alpha1_manifest_test.go out/test-sentinel-sfn_services_k8s_aws_state_machine_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_group_v1alpha1_manifest_test.go out/test-sentinel-site_superedge_io_node_unit_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_metric_v1alpha1_manifest_test.go out/test-sentinel-slo_koordinator_sh_node_slo_v1alpha1_manifest_test.go out/test-sentinel-sloth_slok_dev_prometheus_service_level_v1_manifest_test.go out/test-sentinel-snapscheduler_backube_snapshot_schedule_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_class_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_content_v1beta1_manifest_test.go out/test-sentinel-snapshot_storage_k8s_io_volume_snapshot_v1beta1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_application_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_platform_endpoint_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_subscription_v1alpha1_manifest_test.go out/test-sentinel-sns_services_k8s_aws_topic_v1alpha1_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_build_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_platform_v1alpha08_manifest_test.go out/test-sentinel-sonataflow_org_sonata_flow_v1alpha08_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta1_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_bucket_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_git_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_chart_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_helm_repository_v1beta2_manifest_test.go out/test-sentinel-source_toolkit_fluxcd_io_oci_repository_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_scheduled_spark_application_v1beta2_manifest_test.go out/test-sentinel-sparkoperator_k8s_io_spark_application_v1beta2_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_managed_identity_v1alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2alpha1_manifest_test.go out/test-sentinel-spv_no_azure_key_vault_secret_v2beta1_manifest_test.go out/test-sentinel-sqs_services_k8s_aws_queue_v1alpha1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_driver_v1_manifest_test.go out/test-sentinel-storage_k8s_io_csi_node_v1_manifest_test.go out/test-sentinel-storage_k8s_io_storage_class_v1_manifest_test.go out/test-sentinel-storage_k8s_io_volume_attachment_v1_manifest_test.go out/test-sentinel-storage_kubeblocks_io_storage_provider_v1alpha1_manifest_test.go out/test-sentinel-storageos_com_storage_os_cluster_v1_manifest_test.go out/test-sentinel-sts_min_io_policy_binding_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_udp_route_v1_manifest_test.go out/test-sentinel-stunner_l7mp_io_dataplane_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_gateway_config_v1alpha1_manifest_test.go out/test-sentinel-stunner_l7mp_io_static_service_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_broker_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_service_discovery_v1alpha1_manifest_test.go out/test-sentinel-submariner_io_submariner_v1alpha1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1_manifest_test.go out/test-sentinel-telemetry_istio_io_telemetry_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1alpha1_manifest_test.go out/test-sentinel-templates_gatekeeper_sh_constraint_template_v1beta1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_monolithic_v1alpha1_manifest_test.go out/test-sentinel-tempo_grafana_com_tempo_stack_v1alpha1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_client_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_cluster_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_namespace_v1beta1_manifest_test.go out/test-sentinel-temporal_io_temporal_worker_process_v1beta1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_source_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_execution_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_trigger_v1_manifest_test.go out/test-sentinel-tests_testkube_io_test_v1_manifest_test.go out/test-sentinel-tests_testkube_io_script_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_v2_manifest_test.go out/test-sentinel-tests_testkube_io_test_suite_v3_manifest_test.go out/test-sentinel-tests_testkube_io_test_v3_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_alarm_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_snmp_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_analytics_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_cassandra_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_config_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_control_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_kubemanager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_manager_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_query_engine_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_rabbitmq_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_redis_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_vrouter_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_webui_v1alpha1_manifest_test.go out/test-sentinel-tf_tungsten_io_zookeeper_v1alpha1_manifest_test.go out/test-sentinel-theketch_io_app_v1beta1_manifest_test.go out/test-sentinel-theketch_io_job_v1beta1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_stack_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha1_manifest_test.go out/test-sentinel-tinkerbell_org_hardware_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_osie_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_template_v1alpha2_manifest_test.go out/test-sentinel-tinkerbell_org_workflow_v1alpha2_manifest_test.go out/test-sentinel-topology_node_k8s_io_node_resource_topology_v1alpha1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_logical_volume_v1_manifest_test.go out/test-sentinel-topolvm_cybozu_com_topolvm_cluster_v2_manifest_test.go out/test-sentinel-traefik_io_ingress_route_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_udp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_ingress_route_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_middleware_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_tcp_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_servers_transport_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_option_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_tls_store_v1alpha1_manifest_test.go out/test-sentinel-traefik_io_traefik_service_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_elastic_dl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mars_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_mpi_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_py_torch_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_tf_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xdl_job_v1alpha1_manifest_test.go out/test-sentinel-training_kubedl_io_xg_boost_job_v1alpha1_manifest_test.go out/test-sentinel-trust_cert_manager_io_bundle_v1alpha1_manifest_test.go out/test-sentinel-upgrade_cattle_io_plan_v1_manifest_test.go out/test-sentinel-upgrade_managed_openshift_io_upgrade_config_v1alpha1_manifest_test.go out/test-sentinel-velero_io_backup_repository_v1_manifest_test.go out/test-sentinel-velero_io_backup_storage_location_v1_manifest_test.go out/test-sentinel-velero_io_backup_v1_manifest_test.go out/test-sentinel-velero_io_delete_backup_request_v1_manifest_test.go out/test-sentinel-velero_io_download_request_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_backup_v1_manifest_test.go out/test-sentinel-velero_io_pod_volume_restore_v1_manifest_test.go out/test-sentinel-velero_io_restore_v1_manifest_test.go out/test-sentinel-velero_io_schedule_v1_manifest_test.go out/test-sentinel-velero_io_server_status_request_v1_manifest_test.go out/test-sentinel-velero_io_volume_snapshot_location_v1_manifest_test.go out/test-sentinel-velero_io_data_download_v2alpha1_manifest_test.go out/test-sentinel-velero_io_data_upload_v2alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_migration_v1alpha1_manifest_test.go out/test-sentinel-virt_virtink_smartx_com_virtual_machine_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_destination_v1alpha1_manifest_test.go out/test-sentinel-volsync_backube_replication_source_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_cni_node_v1alpha1_manifest_test.go out/test-sentinel-vpcresources_k8s_aws_security_group_policy_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1alpha2_manifest_test.go out/test-sentinel-wgpolicyk8s_io_cluster_policy_report_v1beta1_manifest_test.go out/test-sentinel-wgpolicyk8s_io_policy_report_v1beta1_manifest_test.go out/test-sentinel-wildfly_org_wild_fly_server_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_work_v1alpha1_manifest_test.go out/test-sentinel-work_karmada_io_cluster_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-work_karmada_io_resource_binding_v1alpha2_manifest_test.go out/test-sentinel-workload_codeflare_dev_app_wrapper_v1beta1_manifest_test.go out/test-sentinel-workload_codeflare_dev_scheduling_spec_v1beta1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_instance_set_v1alpha1_manifest_test.go out/test-sentinel-workloads_kubeblocks_io_replicated_state_machine_v1alpha1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_aware_update_v1_manifest_test.go out/test-sentinel-zonecontrol_k8s_aws_zone_disruption_budget_v1_manifest_test.go out/test-sentinel-zookeeper_pravega_io_zookeeper_cluster_v1beta1_manifest_test.go out/tools-tests-sentinel ## run the unit tests